Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2023-42852
Vulnerability from cvelistv5
Published
2023-10-25 18:32
Modified
2025-02-13 17:12
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213981"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213986"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213987"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213988"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213982"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/22"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/27"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/25"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5557"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing web content may lead to arbitrary code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T15:06:24.329Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213981"
},
{
"url": "https://support.apple.com/en-us/HT213986"
},
{
"url": "https://support.apple.com/en-us/HT213987"
},
{
"url": "https://support.apple.com/en-us/HT213984"
},
{
"url": "https://support.apple.com/en-us/HT213988"
},
{
"url": "https://support.apple.com/en-us/HT213982"
},
{
"url": "https://support.apple.com/kb/HT213984"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/22"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/27"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/25"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1"
},
{
"url": "https://www.debian.org/security/2023/dsa-5557"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/"
},
{
"url": "https://security.gentoo.org/glsa/202401-33"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-42852",
"datePublished": "2023-10-25T18:32:18.866Z",
"dateReserved": "2023-09-14T19:05:11.450Z",
"dateUpdated": "2025-02-13T17:12:46.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-42852\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2023-10-25T19:15:10.843\",\"lastModified\":\"2024-11-21T08:23:22.010\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Se solucion\u00f3 un problema l\u00f3gico con controles mejorados. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.1\",\"matchCriteriaId\":\"84250563-E42D-4F36-ACB0-081804E27FA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.7.2\",\"matchCriteriaId\":\"3DFB829A-82EA-40BB-81F9-AD4F69F24ABA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.1\",\"matchCriteriaId\":\"387C5D63-833F-4407-A402-501DEF4E15AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.7.2\",\"matchCriteriaId\":\"5EB9EAAE-441A-4844-BCB2-1716FD9ACE85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.1\",\"matchCriteriaId\":\"F53A32D0-DB67-40D7-B14E-3963E696A77E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.1\",\"matchCriteriaId\":\"F9F52915-10F1-4514-B839-F6DC74B53555\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.1\",\"matchCriteriaId\":\"6B71C095-CFB3-42E1-8582-0AD365DA7855\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.1\",\"matchCriteriaId\":\"F88E7355-ECFB-4EB0-9579-0C954C25355F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/19\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/22\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/23\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/24\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/25\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/27\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/11/15/1\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-33\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213981\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213982\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213984\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213986\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213987\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213988\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213984\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5557\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/22\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/25\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Oct/27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/11/15/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213981\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213982\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213986\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213987\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT213988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5557\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
rhsa-2024:9680
Vulnerability from csaf_redhat
Published
2024-11-14 15:24
Modified
2025-01-29 18:17
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9680",
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9680.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2025-01-29T18:17:35+00:00",
"generator": {
"date": "2025-01-29T18:17:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2024:9680",
"initial_release_date": "2024-11-14T15:24:51+00:00",
"revision_history": [
{
"date": "2024-11-14T15:24:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-14T15:24:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-29T18:17:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_2.src",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.src",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-23222",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2024-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259893"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: type confusion may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw depends on the WebKitGTK JIT engine to be enabled. This feature has been disabled in Red Hat Enterprise Linux 8.8 and 9.2 by the errata RHSA-2023:4202 and RHSA-2023:4201. Therefore, Red Hat Enterprise Linux 8.8 and 9.2, when these errata are applied, and newer versions are not affected by this vulnerability.\n\nRHSA-2023:4202: https://access.redhat.com/errata/RHSA-2023:4202\nRHSA-2023:4201: https://access.redhat.com/errata/RHSA-2023:4201\n\nTo exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23222"
},
{
"category": "external",
"summary": "RHBZ#2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2024-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2024-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: type confusion may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27808",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:36:18.356000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314697"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27808"
},
{
"category": "external",
"summary": "RHBZ#2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27833",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:40:34.042000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314700"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27833"
},
{
"category": "external",
"summary": "RHBZ#2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40776",
"discovery_date": "2024-07-30T20:48:03+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301841"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40776"
},
{
"category": "external",
"summary": "RHBZ#2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44185",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T20:05:39.339000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323263"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to the program crashing. Code execution is not discarded as a consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because it allows maliciously crafted web content to crash the application, potentially leads to denial of service. While it does not compromise confidentiality or integrity, the ability to crash the program without requiring authentication poses a significant risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44185"
},
{
"category": "external",
"summary": "RHBZ#2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0006.html",
"url": "https://webkitgtk.org/security/WSA-2024-0006.html"
}
],
"release_date": "2024-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44244",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T21:06:58.389000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323278"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to program to a crash. This issue occurs because code execution is not discarded as consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44244"
},
{
"category": "external",
"summary": "RHBZ#2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244"
}
],
"release_date": "2024-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-54534",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-23T13:18:32.596325+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkit: Processing maliciously crafted web content may lead to memory corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-54534"
},
{
"category": "external",
"summary": "RHBZ#2333846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121837",
"url": "https://support.apple.com/en-us/121837"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121839",
"url": "https://support.apple.com/en-us/121839"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121843",
"url": "https://support.apple.com/en-us/121843"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121844",
"url": "https://support.apple.com/en-us/121844"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121845",
"url": "https://support.apple.com/en-us/121845"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121846",
"url": "https://support.apple.com/en-us/121846"
}
],
"release_date": "2024-12-11T22:58:39.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkit: Processing maliciously crafted web content may lead to memory corruption"
}
]
}
rhsa-2024:9679
Vulnerability from csaf_redhat
Published
2024-11-14 15:34
Modified
2025-01-29 18:18
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9679",
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9679.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2025-01-29T18:18:01+00:00",
"generator": {
"date": "2025-01-29T18:18:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2024:9679",
"initial_release_date": "2024-11-14T15:34:16+00:00",
"revision_history": [
{
"date": "2024-11-14T15:34:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-14T15:34:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-29T18:18:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-23222",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2024-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259893"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: type confusion may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw depends on the WebKitGTK JIT engine to be enabled. This feature has been disabled in Red Hat Enterprise Linux 8.8 and 9.2 by the errata RHSA-2023:4202 and RHSA-2023:4201. Therefore, Red Hat Enterprise Linux 8.8 and 9.2, when these errata are applied, and newer versions are not affected by this vulnerability.\n\nRHSA-2023:4202: https://access.redhat.com/errata/RHSA-2023:4202\nRHSA-2023:4201: https://access.redhat.com/errata/RHSA-2023:4201\n\nTo exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23222"
},
{
"category": "external",
"summary": "RHBZ#2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2024-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2024-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: type confusion may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27808",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:36:18.356000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314697"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27808"
},
{
"category": "external",
"summary": "RHBZ#2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27833",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:40:34.042000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314700"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27833"
},
{
"category": "external",
"summary": "RHBZ#2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40776",
"discovery_date": "2024-07-30T20:48:03+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301841"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40776"
},
{
"category": "external",
"summary": "RHBZ#2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44185",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T20:05:39.339000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323263"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to the program crashing. Code execution is not discarded as a consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because it allows maliciously crafted web content to crash the application, potentially leads to denial of service. While it does not compromise confidentiality or integrity, the ability to crash the program without requiring authentication poses a significant risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44185"
},
{
"category": "external",
"summary": "RHBZ#2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0006.html",
"url": "https://webkitgtk.org/security/WSA-2024-0006.html"
}
],
"release_date": "2024-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44244",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T21:06:58.389000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323278"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to program to a crash. This issue occurs because code execution is not discarded as consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44244"
},
{
"category": "external",
"summary": "RHBZ#2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244"
}
],
"release_date": "2024-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-54534",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-23T13:18:32.596325+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkit: Processing maliciously crafted web content may lead to memory corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-54534"
},
{
"category": "external",
"summary": "RHBZ#2333846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121837",
"url": "https://support.apple.com/en-us/121837"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121839",
"url": "https://support.apple.com/en-us/121839"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121843",
"url": "https://support.apple.com/en-us/121843"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121844",
"url": "https://support.apple.com/en-us/121844"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121845",
"url": "https://support.apple.com/en-us/121845"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121846",
"url": "https://support.apple.com/en-us/121846"
}
],
"release_date": "2024-12-11T22:58:39.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkit: Processing maliciously crafted web content may lead to memory corruption"
}
]
}
rhsa-2024:8496
Vulnerability from csaf_redhat
Published
2024-10-28 01:13
Modified
2025-01-29 18:17
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8496",
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/",
"url": "https://access.redhat.com/security/vulnerabilities/"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8496.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2025-01-29T18:17:07+00:00",
"generator": {
"date": "2025-01-29T18:17:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2024:8496",
"initial_release_date": "2024-10-28T01:13:18+00:00",
"revision_history": [
{
"date": "2024-10-28T01:13:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-28T01:13:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-29T18:17:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.src",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.src",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_0?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-23222",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2024-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259893"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: type confusion may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw depends on the WebKitGTK JIT engine to be enabled. This feature has been disabled in Red Hat Enterprise Linux 8.8 and 9.2 by the errata RHSA-2023:4202 and RHSA-2023:4201. Therefore, Red Hat Enterprise Linux 8.8 and 9.2, when these errata are applied, and newer versions are not affected by this vulnerability.\n\nRHSA-2023:4202: https://access.redhat.com/errata/RHSA-2023:4202\nRHSA-2023:4201: https://access.redhat.com/errata/RHSA-2023:4201\n\nTo exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23222"
},
{
"category": "external",
"summary": "RHBZ#2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2024-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2024-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: type confusion may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27808",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:36:18.356000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314697"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27808"
},
{
"category": "external",
"summary": "RHBZ#2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27833",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:40:34.042000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314700"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27833"
},
{
"category": "external",
"summary": "RHBZ#2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40776",
"discovery_date": "2024-07-30T20:48:03+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301841"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40776"
},
{
"category": "external",
"summary": "RHBZ#2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-54534",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-23T13:18:32.596325+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkit: Processing maliciously crafted web content may lead to memory corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-54534"
},
{
"category": "external",
"summary": "RHBZ#2333846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121837",
"url": "https://support.apple.com/en-us/121837"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121839",
"url": "https://support.apple.com/en-us/121839"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121843",
"url": "https://support.apple.com/en-us/121843"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121844",
"url": "https://support.apple.com/en-us/121844"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121845",
"url": "https://support.apple.com/en-us/121845"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121846",
"url": "https://support.apple.com/en-us/121846"
}
],
"release_date": "2024-12-11T22:58:39.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkit: Processing maliciously crafted web content may lead to memory corruption"
}
]
}
RHSA-2024:2126
Vulnerability from csaf_redhat
Published
2024-04-30 10:37
Modified
2024-11-27 12:54
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213)
* webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745)
* webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359)
* webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928)
* webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983)
* webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883)
* webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213)\n\n* webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745)\n\n* webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359)\n\n* webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928)\n\n* webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983)\n\n* webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883)\n\n* webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2126",
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index"
},
{
"category": "external",
"summary": "2241400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241400"
},
{
"category": "external",
"summary": "2254326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254326"
},
{
"category": "external",
"summary": "2254327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254327"
},
{
"category": "external",
"summary": "2269743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269743"
},
{
"category": "external",
"summary": "2270141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270141"
},
{
"category": "external",
"summary": "2270143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270143"
},
{
"category": "external",
"summary": "2270151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270151"
},
{
"category": "external",
"summary": "2271449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271449"
},
{
"category": "external",
"summary": "2271453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271453"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "RHEL-3960",
"url": "https://issues.redhat.com/browse/RHEL-3960"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2126.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2024-11-27T12:54:33+00:00",
"generator": {
"date": "2024-11-27T12:54:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:2126",
"initial_release_date": "2024-04-30T10:37:42+00:00",
"revision_history": [
{
"date": "2024-04-30T10:37:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-30T10:37:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-27T12:54:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.src",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.src",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.src",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-1745",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270151"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the SVG implementation within WebKitGTK. This flaw allows remote attackers to exploit the removal of an SVGFontFaceElement object, which occurs through specific vectors that trigger the deletion of the object during rendering.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-1745"
},
{
"category": "external",
"summary": "RHBZ#2270151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-1745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1745"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents"
},
{
"cve": "CVE-2023-32359",
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271449"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in webkitgtk where a user\u2019s password may be read aloud by a text-to-speech accessibility feature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: User password may be read aloud by a text-to-speech accessibility feature",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-32359"
},
{
"category": "external",
"summary": "RHBZ#2271449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271449"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-32359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32359"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32359",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32359"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: User password may be read aloud by a text-to-speech accessibility feature"
},
{
"cve": "CVE-2023-39928",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-09-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241400"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the WebKitGTK\u0027s MediaRecorder API that may lead to memory corruption and Remote Code Execution. The victim needs to access a malicious web page to trigger this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39928"
},
{
"category": "external",
"summary": "RHBZ#2241400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39928",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39928"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0009.html",
"url": "https://webkitgtk.org/security/WSA-2023-0009.html"
}
],
"release_date": "2023-09-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports"
},
{
"cve": "CVE-2023-40414",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270143"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in WebKitGTK and WPE WebKit could allow an attacker to execute arbitrary code on a target system. The issue arises from a use-after-free flaw in memory management when processing web content. This flaw can potentially give attackers the ability to take control of affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Imporatant because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40414"
},
{
"category": "external",
"summary": "RHBZ#2270143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40414",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40414"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-41983",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271453"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in WebKitGTK and WPE WebKit may result in a denial-of-service when processing web content. This issue arises from improper memory handling, which could be exploited by attackers to crash the affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41983"
},
{
"category": "external",
"summary": "RHBZ#2271453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271453"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41983",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41983"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41983",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41983"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing web content may lead to a denial of service"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42883",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing a malicious image, which could result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: processing a malicious image may lead to a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42883"
},
{
"category": "external",
"summary": "RHBZ#2254326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42883"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: processing a malicious image may lead to a denial of service"
},
{
"cve": "CVE-2023-42890",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254327"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: processing malicious web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While the discovered flaw in WebKitGTK does indeed present a concerning potential for arbitrary code execution due to memory corruption, its severity is assessed as moderate rather than critical for several reasons. Firstly, successful exploitation of the vulnerability requires the user to interact with malicious HTML content, typically through visiting a compromised website. This dependency on user interaction reduces the likelihood of widespread exploitation compared to vulnerabilities that can be remotely exploited without user interaction. Additionally, the impact of the flaw may be mitigated by various security measures such as sandboxing or Content Security Policy (CSP) enforcement, which can limit the execution environment for potentially malicious code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42890"
},
{
"category": "external",
"summary": "RHBZ#2254327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42890"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: processing malicious web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-23206",
"discovery_date": "2024-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269743"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This flaw allows a remote attacker to bypass the security restriction by using a specially crafted malicious website to fingerprint the victim.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23206"
},
{
"category": "external",
"summary": "RHBZ#2269743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23206"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23206",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23206"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user"
},
{
"cve": "CVE-2024-23213",
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270141"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK\u00a0. This flaw allows a remote attacker to trigger arbitrary code execution by persuading a victim to visit a specially crafted website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Imporatant because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23213"
},
{
"category": "external",
"summary": "RHBZ#2270141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23213"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
}
]
}
RHSA-2024:2982
Vulnerability from csaf_redhat
Published
2024-05-22 09:34
Modified
2024-11-27 12:54
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213)
* webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745)
* webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359)
* webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928)
* webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983)
* webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883)
* webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213)\n\n* webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745)\n\n* webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359)\n\n* webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928)\n\n* webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983)\n\n* webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883)\n\n* webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2982",
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/index"
},
{
"category": "external",
"summary": "2241400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241400"
},
{
"category": "external",
"summary": "2254326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254326"
},
{
"category": "external",
"summary": "2254327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254327"
},
{
"category": "external",
"summary": "2269743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269743"
},
{
"category": "external",
"summary": "2270141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270141"
},
{
"category": "external",
"summary": "2270143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270143"
},
{
"category": "external",
"summary": "2270151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270151"
},
{
"category": "external",
"summary": "2271449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271449"
},
{
"category": "external",
"summary": "2271453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271453"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "RHEL-3961",
"url": "https://issues.redhat.com/browse/RHEL-3961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2982.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2024-11-27T12:54:45+00:00",
"generator": {
"date": "2024-11-27T12:54:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:2982",
"initial_release_date": "2024-05-22T09:34:54+00:00",
"revision_history": [
{
"date": "2024-05-22T09:34:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-22T09:34:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-27T12:54:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.src",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.src",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.src",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-1745",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270151"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the SVG implementation within WebKitGTK. This flaw allows remote attackers to exploit the removal of an SVGFontFaceElement object, which occurs through specific vectors that trigger the deletion of the object during rendering.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-1745"
},
{
"category": "external",
"summary": "RHBZ#2270151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-1745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1745"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents"
},
{
"cve": "CVE-2023-32359",
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271449"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in webkitgtk where a user\u2019s password may be read aloud by a text-to-speech accessibility feature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: User password may be read aloud by a text-to-speech accessibility feature",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-32359"
},
{
"category": "external",
"summary": "RHBZ#2271449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271449"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-32359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32359"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32359",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32359"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: User password may be read aloud by a text-to-speech accessibility feature"
},
{
"cve": "CVE-2023-39928",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-09-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241400"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the WebKitGTK\u0027s MediaRecorder API that may lead to memory corruption and Remote Code Execution. The victim needs to access a malicious web page to trigger this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39928"
},
{
"category": "external",
"summary": "RHBZ#2241400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39928",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39928"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0009.html",
"url": "https://webkitgtk.org/security/WSA-2023-0009.html"
}
],
"release_date": "2023-09-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports"
},
{
"cve": "CVE-2023-40414",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270143"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in WebKitGTK and WPE WebKit could allow an attacker to execute arbitrary code on a target system. The issue arises from a use-after-free flaw in memory management when processing web content. This flaw can potentially give attackers the ability to take control of affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Imporatant because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40414"
},
{
"category": "external",
"summary": "RHBZ#2270143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40414",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40414"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-41983",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271453"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in WebKitGTK and WPE WebKit may result in a denial-of-service when processing web content. This issue arises from improper memory handling, which could be exploited by attackers to crash the affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41983"
},
{
"category": "external",
"summary": "RHBZ#2271453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271453"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41983",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41983"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41983",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41983"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing web content may lead to a denial of service"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42883",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing a malicious image, which could result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: processing a malicious image may lead to a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42883"
},
{
"category": "external",
"summary": "RHBZ#2254326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42883"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: processing a malicious image may lead to a denial of service"
},
{
"cve": "CVE-2023-42890",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254327"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: processing malicious web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While the discovered flaw in WebKitGTK does indeed present a concerning potential for arbitrary code execution due to memory corruption, its severity is assessed as moderate rather than critical for several reasons. Firstly, successful exploitation of the vulnerability requires the user to interact with malicious HTML content, typically through visiting a compromised website. This dependency on user interaction reduces the likelihood of widespread exploitation compared to vulnerabilities that can be remotely exploited without user interaction. Additionally, the impact of the flaw may be mitigated by various security measures such as sandboxing or Content Security Policy (CSP) enforcement, which can limit the execution environment for potentially malicious code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42890"
},
{
"category": "external",
"summary": "RHBZ#2254327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42890"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: processing malicious web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-23206",
"discovery_date": "2024-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269743"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This flaw allows a remote attacker to bypass the security restriction by using a specially crafted malicious website to fingerprint the victim.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23206"
},
{
"category": "external",
"summary": "RHBZ#2269743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23206"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23206",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23206"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user"
},
{
"cve": "CVE-2024-23213",
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270141"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK\u00a0. This flaw allows a remote attacker to trigger arbitrary code execution by persuading a victim to visit a specially crafted website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Imporatant because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23213"
},
{
"category": "external",
"summary": "RHBZ#2270141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23213"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
}
]
}
RHSA-2024:9653
Vulnerability from csaf_redhat
Published
2024-11-14 12:21
Modified
2025-01-29 18:17
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9653",
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/",
"url": "https://access.redhat.com/security/vulnerabilities/"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9653.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2025-01-29T18:17:21+00:00",
"generator": {
"date": "2025-01-29T18:17:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2024:9653",
"initial_release_date": "2024-11-14T12:21:26+00:00",
"revision_history": [
{
"date": "2024-11-14T12:21:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-14T12:21:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-29T18:17:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-23222",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2024-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259893"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: type confusion may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw depends on the WebKitGTK JIT engine to be enabled. This feature has been disabled in Red Hat Enterprise Linux 8.8 and 9.2 by the errata RHSA-2023:4202 and RHSA-2023:4201. Therefore, Red Hat Enterprise Linux 8.8 and 9.2, when these errata are applied, and newer versions are not affected by this vulnerability.\n\nRHSA-2023:4202: https://access.redhat.com/errata/RHSA-2023:4202\nRHSA-2023:4201: https://access.redhat.com/errata/RHSA-2023:4201\n\nTo exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23222"
},
{
"category": "external",
"summary": "RHBZ#2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2024-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2024-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: type confusion may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27808",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:36:18.356000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314697"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27808"
},
{
"category": "external",
"summary": "RHBZ#2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27833",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:40:34.042000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314700"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27833"
},
{
"category": "external",
"summary": "RHBZ#2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40776",
"discovery_date": "2024-07-30T20:48:03+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301841"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40776"
},
{
"category": "external",
"summary": "RHBZ#2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44185",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T20:05:39.339000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323263"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to the program crashing. Code execution is not discarded as a consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because it allows maliciously crafted web content to crash the application, potentially leads to denial of service. While it does not compromise confidentiality or integrity, the ability to crash the program without requiring authentication poses a significant risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44185"
},
{
"category": "external",
"summary": "RHBZ#2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0006.html",
"url": "https://webkitgtk.org/security/WSA-2024-0006.html"
}
],
"release_date": "2024-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44244",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T21:06:58.389000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323278"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to program to a crash. This issue occurs because code execution is not discarded as consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44244"
},
{
"category": "external",
"summary": "RHBZ#2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244"
}
],
"release_date": "2024-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-54534",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-23T13:18:32.596325+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkit: Processing maliciously crafted web content may lead to memory corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-54534"
},
{
"category": "external",
"summary": "RHBZ#2333846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121837",
"url": "https://support.apple.com/en-us/121837"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121839",
"url": "https://support.apple.com/en-us/121839"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121843",
"url": "https://support.apple.com/en-us/121843"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121844",
"url": "https://support.apple.com/en-us/121844"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121845",
"url": "https://support.apple.com/en-us/121845"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121846",
"url": "https://support.apple.com/en-us/121846"
}
],
"release_date": "2024-12-11T22:58:39.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkit: Processing maliciously crafted web content may lead to memory corruption"
}
]
}
rhsa-2024:8492
Vulnerability from csaf_redhat
Published
2024-10-28 00:58
Modified
2025-01-29 18:16
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8492",
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8492.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2025-01-29T18:16:55+00:00",
"generator": {
"date": "2025-01-29T18:16:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2024:8492",
"initial_release_date": "2024-10-28T00:58:43+00:00",
"revision_history": [
{
"date": "2024-10-28T00:58:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-28T00:58:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-29T18:16:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.src",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.src",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40776",
"discovery_date": "2024-07-30T20:48:03+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301841"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40776"
},
{
"category": "external",
"summary": "RHBZ#2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-54534",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-23T13:18:32.596325+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkit: Processing maliciously crafted web content may lead to memory corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-54534"
},
{
"category": "external",
"summary": "RHBZ#2333846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121837",
"url": "https://support.apple.com/en-us/121837"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121839",
"url": "https://support.apple.com/en-us/121839"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121843",
"url": "https://support.apple.com/en-us/121843"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121844",
"url": "https://support.apple.com/en-us/121844"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121845",
"url": "https://support.apple.com/en-us/121845"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121846",
"url": "https://support.apple.com/en-us/121846"
}
],
"release_date": "2024-12-11T22:58:39.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkit: Processing maliciously crafted web content may lead to memory corruption"
}
]
}
RHSA-2024:9679
Vulnerability from csaf_redhat
Published
2024-11-14 15:34
Modified
2025-01-29 18:18
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9679",
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9679.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2025-01-29T18:18:01+00:00",
"generator": {
"date": "2025-01-29T18:18:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2024:9679",
"initial_release_date": "2024-11-14T15:34:16+00:00",
"revision_history": [
{
"date": "2024-11-14T15:34:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-14T15:34:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-29T18:18:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-23222",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2024-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259893"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: type confusion may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw depends on the WebKitGTK JIT engine to be enabled. This feature has been disabled in Red Hat Enterprise Linux 8.8 and 9.2 by the errata RHSA-2023:4202 and RHSA-2023:4201. Therefore, Red Hat Enterprise Linux 8.8 and 9.2, when these errata are applied, and newer versions are not affected by this vulnerability.\n\nRHSA-2023:4202: https://access.redhat.com/errata/RHSA-2023:4202\nRHSA-2023:4201: https://access.redhat.com/errata/RHSA-2023:4201\n\nTo exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23222"
},
{
"category": "external",
"summary": "RHBZ#2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2024-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2024-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: type confusion may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27808",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:36:18.356000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314697"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27808"
},
{
"category": "external",
"summary": "RHBZ#2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27833",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:40:34.042000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314700"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27833"
},
{
"category": "external",
"summary": "RHBZ#2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40776",
"discovery_date": "2024-07-30T20:48:03+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301841"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40776"
},
{
"category": "external",
"summary": "RHBZ#2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44185",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T20:05:39.339000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323263"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to the program crashing. Code execution is not discarded as a consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because it allows maliciously crafted web content to crash the application, potentially leads to denial of service. While it does not compromise confidentiality or integrity, the ability to crash the program without requiring authentication poses a significant risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44185"
},
{
"category": "external",
"summary": "RHBZ#2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0006.html",
"url": "https://webkitgtk.org/security/WSA-2024-0006.html"
}
],
"release_date": "2024-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44244",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T21:06:58.389000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323278"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to program to a crash. This issue occurs because code execution is not discarded as consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44244"
},
{
"category": "external",
"summary": "RHBZ#2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244"
}
],
"release_date": "2024-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-54534",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-23T13:18:32.596325+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkit: Processing maliciously crafted web content may lead to memory corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-54534"
},
{
"category": "external",
"summary": "RHBZ#2333846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121837",
"url": "https://support.apple.com/en-us/121837"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121839",
"url": "https://support.apple.com/en-us/121839"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121843",
"url": "https://support.apple.com/en-us/121843"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121844",
"url": "https://support.apple.com/en-us/121844"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121845",
"url": "https://support.apple.com/en-us/121845"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121846",
"url": "https://support.apple.com/en-us/121846"
}
],
"release_date": "2024-12-11T22:58:39.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkit: Processing maliciously crafted web content may lead to memory corruption"
}
]
}
RHSA-2024:8492
Vulnerability from csaf_redhat
Published
2024-10-28 00:58
Modified
2025-01-29 18:16
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8492",
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8492.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2025-01-29T18:16:55+00:00",
"generator": {
"date": "2025-01-29T18:16:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2024:8492",
"initial_release_date": "2024-10-28T00:58:43+00:00",
"revision_history": [
{
"date": "2024-10-28T00:58:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-28T00:58:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-29T18:16:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.src",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.src",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40776",
"discovery_date": "2024-07-30T20:48:03+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301841"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40776"
},
{
"category": "external",
"summary": "RHBZ#2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-54534",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-23T13:18:32.596325+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkit: Processing maliciously crafted web content may lead to memory corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-54534"
},
{
"category": "external",
"summary": "RHBZ#2333846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121837",
"url": "https://support.apple.com/en-us/121837"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121839",
"url": "https://support.apple.com/en-us/121839"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121843",
"url": "https://support.apple.com/en-us/121843"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121844",
"url": "https://support.apple.com/en-us/121844"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121845",
"url": "https://support.apple.com/en-us/121845"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121846",
"url": "https://support.apple.com/en-us/121846"
}
],
"release_date": "2024-12-11T22:58:39.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkit: Processing maliciously crafted web content may lead to memory corruption"
}
]
}
rhsa-2024_8496
Vulnerability from csaf_redhat
Published
2024-10-28 01:13
Modified
2024-12-20 18:00
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8496",
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/",
"url": "https://access.redhat.com/security/vulnerabilities/"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8496.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2024-12-20T18:00:03+00:00",
"generator": {
"date": "2024-12-20T18:00:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:8496",
"initial_release_date": "2024-10-28T01:13:18+00:00",
"revision_history": [
{
"date": "2024-10-28T01:13:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-28T01:13:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-20T18:00:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.src",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.src",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_0?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-23222",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2024-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259893"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: type confusion may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw depends on the WebKitGTK JIT engine to be enabled. This feature has been disabled in Red Hat Enterprise Linux 8.8 and 9.2 by the errata RHSA-2023:4202 and RHSA-2023:4201. Therefore, Red Hat Enterprise Linux 8.8 and 9.2, when these errata are applied, and newer versions are not affected by this vulnerability.\n\nRHSA-2023:4202: https://access.redhat.com/errata/RHSA-2023:4202\nRHSA-2023:4201: https://access.redhat.com/errata/RHSA-2023:4201\n\nTo exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23222"
},
{
"category": "external",
"summary": "RHBZ#2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2024-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2024-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: type confusion may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27808",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:36:18.356000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314697"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27808"
},
{
"category": "external",
"summary": "RHBZ#2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27833",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:40:34.042000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314700"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27833"
},
{
"category": "external",
"summary": "RHBZ#2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40776",
"discovery_date": "2024-07-30T20:48:03+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301841"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40776"
},
{
"category": "external",
"summary": "RHBZ#2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
}
]
}
rhsa-2024:2982
Vulnerability from csaf_redhat
Published
2024-05-22 09:34
Modified
2024-11-27 12:54
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213)
* webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745)
* webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359)
* webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928)
* webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983)
* webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883)
* webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213)\n\n* webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745)\n\n* webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359)\n\n* webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928)\n\n* webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983)\n\n* webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883)\n\n* webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2982",
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/index"
},
{
"category": "external",
"summary": "2241400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241400"
},
{
"category": "external",
"summary": "2254326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254326"
},
{
"category": "external",
"summary": "2254327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254327"
},
{
"category": "external",
"summary": "2269743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269743"
},
{
"category": "external",
"summary": "2270141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270141"
},
{
"category": "external",
"summary": "2270143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270143"
},
{
"category": "external",
"summary": "2270151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270151"
},
{
"category": "external",
"summary": "2271449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271449"
},
{
"category": "external",
"summary": "2271453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271453"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "RHEL-3961",
"url": "https://issues.redhat.com/browse/RHEL-3961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2982.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2024-11-27T12:54:45+00:00",
"generator": {
"date": "2024-11-27T12:54:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:2982",
"initial_release_date": "2024-05-22T09:34:54+00:00",
"revision_history": [
{
"date": "2024-05-22T09:34:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-22T09:34:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-27T12:54:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.src",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.src",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.src",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-1745",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270151"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the SVG implementation within WebKitGTK. This flaw allows remote attackers to exploit the removal of an SVGFontFaceElement object, which occurs through specific vectors that trigger the deletion of the object during rendering.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-1745"
},
{
"category": "external",
"summary": "RHBZ#2270151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-1745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1745"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents"
},
{
"cve": "CVE-2023-32359",
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271449"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in webkitgtk where a user\u2019s password may be read aloud by a text-to-speech accessibility feature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: User password may be read aloud by a text-to-speech accessibility feature",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-32359"
},
{
"category": "external",
"summary": "RHBZ#2271449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271449"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-32359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32359"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32359",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32359"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: User password may be read aloud by a text-to-speech accessibility feature"
},
{
"cve": "CVE-2023-39928",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-09-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241400"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the WebKitGTK\u0027s MediaRecorder API that may lead to memory corruption and Remote Code Execution. The victim needs to access a malicious web page to trigger this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39928"
},
{
"category": "external",
"summary": "RHBZ#2241400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39928",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39928"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0009.html",
"url": "https://webkitgtk.org/security/WSA-2023-0009.html"
}
],
"release_date": "2023-09-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports"
},
{
"cve": "CVE-2023-40414",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270143"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in WebKitGTK and WPE WebKit could allow an attacker to execute arbitrary code on a target system. The issue arises from a use-after-free flaw in memory management when processing web content. This flaw can potentially give attackers the ability to take control of affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Imporatant because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40414"
},
{
"category": "external",
"summary": "RHBZ#2270143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40414",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40414"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-41983",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271453"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in WebKitGTK and WPE WebKit may result in a denial-of-service when processing web content. This issue arises from improper memory handling, which could be exploited by attackers to crash the affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41983"
},
{
"category": "external",
"summary": "RHBZ#2271453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271453"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41983",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41983"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41983",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41983"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing web content may lead to a denial of service"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42883",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing a malicious image, which could result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: processing a malicious image may lead to a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42883"
},
{
"category": "external",
"summary": "RHBZ#2254326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42883"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: processing a malicious image may lead to a denial of service"
},
{
"cve": "CVE-2023-42890",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254327"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: processing malicious web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While the discovered flaw in WebKitGTK does indeed present a concerning potential for arbitrary code execution due to memory corruption, its severity is assessed as moderate rather than critical for several reasons. Firstly, successful exploitation of the vulnerability requires the user to interact with malicious HTML content, typically through visiting a compromised website. This dependency on user interaction reduces the likelihood of widespread exploitation compared to vulnerabilities that can be remotely exploited without user interaction. Additionally, the impact of the flaw may be mitigated by various security measures such as sandboxing or Content Security Policy (CSP) enforcement, which can limit the execution environment for potentially malicious code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42890"
},
{
"category": "external",
"summary": "RHBZ#2254327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42890"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: processing malicious web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-23206",
"discovery_date": "2024-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269743"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This flaw allows a remote attacker to bypass the security restriction by using a specially crafted malicious website to fingerprint the victim.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23206"
},
{
"category": "external",
"summary": "RHBZ#2269743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23206"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23206",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23206"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user"
},
{
"cve": "CVE-2024-23213",
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270141"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK\u00a0. This flaw allows a remote attacker to trigger arbitrary code execution by persuading a victim to visit a specially crafted website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Imporatant because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23213"
},
{
"category": "external",
"summary": "RHBZ#2270141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23213"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
}
]
}
rhsa-2024:2126
Vulnerability from csaf_redhat
Published
2024-04-30 10:37
Modified
2024-11-27 12:54
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213)
* webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745)
* webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359)
* webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928)
* webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983)
* webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883)
* webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213)\n\n* webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745)\n\n* webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359)\n\n* webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928)\n\n* webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983)\n\n* webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883)\n\n* webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2126",
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index"
},
{
"category": "external",
"summary": "2241400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241400"
},
{
"category": "external",
"summary": "2254326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254326"
},
{
"category": "external",
"summary": "2254327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254327"
},
{
"category": "external",
"summary": "2269743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269743"
},
{
"category": "external",
"summary": "2270141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270141"
},
{
"category": "external",
"summary": "2270143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270143"
},
{
"category": "external",
"summary": "2270151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270151"
},
{
"category": "external",
"summary": "2271449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271449"
},
{
"category": "external",
"summary": "2271453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271453"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "RHEL-3960",
"url": "https://issues.redhat.com/browse/RHEL-3960"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2126.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2024-11-27T12:54:33+00:00",
"generator": {
"date": "2024-11-27T12:54:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:2126",
"initial_release_date": "2024-04-30T10:37:42+00:00",
"revision_history": [
{
"date": "2024-04-30T10:37:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-30T10:37:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-27T12:54:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.src",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.src",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.src",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-1745",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270151"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the SVG implementation within WebKitGTK. This flaw allows remote attackers to exploit the removal of an SVGFontFaceElement object, which occurs through specific vectors that trigger the deletion of the object during rendering.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-1745"
},
{
"category": "external",
"summary": "RHBZ#2270151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-1745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1745"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents"
},
{
"cve": "CVE-2023-32359",
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271449"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in webkitgtk where a user\u2019s password may be read aloud by a text-to-speech accessibility feature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: User password may be read aloud by a text-to-speech accessibility feature",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-32359"
},
{
"category": "external",
"summary": "RHBZ#2271449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271449"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-32359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32359"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32359",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32359"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: User password may be read aloud by a text-to-speech accessibility feature"
},
{
"cve": "CVE-2023-39928",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-09-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241400"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the WebKitGTK\u0027s MediaRecorder API that may lead to memory corruption and Remote Code Execution. The victim needs to access a malicious web page to trigger this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39928"
},
{
"category": "external",
"summary": "RHBZ#2241400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39928",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39928"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0009.html",
"url": "https://webkitgtk.org/security/WSA-2023-0009.html"
}
],
"release_date": "2023-09-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports"
},
{
"cve": "CVE-2023-40414",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270143"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in WebKitGTK and WPE WebKit could allow an attacker to execute arbitrary code on a target system. The issue arises from a use-after-free flaw in memory management when processing web content. This flaw can potentially give attackers the ability to take control of affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Imporatant because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40414"
},
{
"category": "external",
"summary": "RHBZ#2270143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40414",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40414"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-41983",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271453"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in WebKitGTK and WPE WebKit may result in a denial-of-service when processing web content. This issue arises from improper memory handling, which could be exploited by attackers to crash the affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41983"
},
{
"category": "external",
"summary": "RHBZ#2271453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271453"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41983",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41983"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41983",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41983"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing web content may lead to a denial of service"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42883",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing a malicious image, which could result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: processing a malicious image may lead to a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42883"
},
{
"category": "external",
"summary": "RHBZ#2254326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42883"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: processing a malicious image may lead to a denial of service"
},
{
"cve": "CVE-2023-42890",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254327"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: processing malicious web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While the discovered flaw in WebKitGTK does indeed present a concerning potential for arbitrary code execution due to memory corruption, its severity is assessed as moderate rather than critical for several reasons. Firstly, successful exploitation of the vulnerability requires the user to interact with malicious HTML content, typically through visiting a compromised website. This dependency on user interaction reduces the likelihood of widespread exploitation compared to vulnerabilities that can be remotely exploited without user interaction. Additionally, the impact of the flaw may be mitigated by various security measures such as sandboxing or Content Security Policy (CSP) enforcement, which can limit the execution environment for potentially malicious code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42890"
},
{
"category": "external",
"summary": "RHBZ#2254327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42890"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: processing malicious web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-23206",
"discovery_date": "2024-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269743"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This flaw allows a remote attacker to bypass the security restriction by using a specially crafted malicious website to fingerprint the victim.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23206"
},
{
"category": "external",
"summary": "RHBZ#2269743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23206"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23206",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23206"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user"
},
{
"cve": "CVE-2024-23213",
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270141"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK\u00a0. This flaw allows a remote attacker to trigger arbitrary code execution by persuading a victim to visit a specially crafted website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Imporatant because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23213"
},
{
"category": "external",
"summary": "RHBZ#2270141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23213"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
}
]
}
rhsa-2024_9680
Vulnerability from csaf_redhat
Published
2024-11-14 15:24
Modified
2024-12-20 18:01
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9680",
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9680.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2024-12-20T18:01:30+00:00",
"generator": {
"date": "2024-12-20T18:01:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:9680",
"initial_release_date": "2024-11-14T15:24:51+00:00",
"revision_history": [
{
"date": "2024-11-14T15:24:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-14T15:24:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-20T18:01:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_2.src",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.src",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-23222",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2024-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259893"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: type confusion may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw depends on the WebKitGTK JIT engine to be enabled. This feature has been disabled in Red Hat Enterprise Linux 8.8 and 9.2 by the errata RHSA-2023:4202 and RHSA-2023:4201. Therefore, Red Hat Enterprise Linux 8.8 and 9.2, when these errata are applied, and newer versions are not affected by this vulnerability.\n\nRHSA-2023:4202: https://access.redhat.com/errata/RHSA-2023:4202\nRHSA-2023:4201: https://access.redhat.com/errata/RHSA-2023:4201\n\nTo exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23222"
},
{
"category": "external",
"summary": "RHBZ#2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2024-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2024-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: type confusion may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27808",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:36:18.356000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314697"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27808"
},
{
"category": "external",
"summary": "RHBZ#2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27833",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:40:34.042000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314700"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27833"
},
{
"category": "external",
"summary": "RHBZ#2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40776",
"discovery_date": "2024-07-30T20:48:03+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301841"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40776"
},
{
"category": "external",
"summary": "RHBZ#2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44185",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T20:05:39.339000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323263"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to the program crashing. Code execution is not discarded as a consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because it allows maliciously crafted web content to crash the application, potentially leads to denial of service. While it does not compromise confidentiality or integrity, the ability to crash the program without requiring authentication poses a significant risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44185"
},
{
"category": "external",
"summary": "RHBZ#2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0006.html",
"url": "https://webkitgtk.org/security/WSA-2024-0006.html"
}
],
"release_date": "2024-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44244",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T21:06:58.389000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323278"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to program to a crash. This issue occurs because code execution is not discarded as consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44244"
},
{
"category": "external",
"summary": "RHBZ#2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244"
}
],
"release_date": "2024-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
}
]
}
rhsa-2024_2126
Vulnerability from csaf_redhat
Published
2024-04-30 10:37
Modified
2024-11-27 12:54
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213)
* webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745)
* webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359)
* webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928)
* webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983)
* webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883)
* webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213)\n\n* webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745)\n\n* webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359)\n\n* webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928)\n\n* webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983)\n\n* webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883)\n\n* webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2126",
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.4_release_notes/index"
},
{
"category": "external",
"summary": "2241400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241400"
},
{
"category": "external",
"summary": "2254326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254326"
},
{
"category": "external",
"summary": "2254327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254327"
},
{
"category": "external",
"summary": "2269743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269743"
},
{
"category": "external",
"summary": "2270141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270141"
},
{
"category": "external",
"summary": "2270143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270143"
},
{
"category": "external",
"summary": "2270151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270151"
},
{
"category": "external",
"summary": "2271449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271449"
},
{
"category": "external",
"summary": "2271453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271453"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "RHEL-3960",
"url": "https://issues.redhat.com/browse/RHEL-3960"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2126.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2024-11-27T12:54:33+00:00",
"generator": {
"date": "2024-11-27T12:54:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:2126",
"initial_release_date": "2024-04-30T10:37:42+00:00",
"revision_history": [
{
"date": "2024-04-30T10:37:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-30T10:37:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-27T12:54:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.src",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.src",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.src",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-1745",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270151"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the SVG implementation within WebKitGTK. This flaw allows remote attackers to exploit the removal of an SVGFontFaceElement object, which occurs through specific vectors that trigger the deletion of the object during rendering.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-1745"
},
{
"category": "external",
"summary": "RHBZ#2270151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-1745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1745"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents"
},
{
"cve": "CVE-2023-32359",
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271449"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in webkitgtk where a user\u2019s password may be read aloud by a text-to-speech accessibility feature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: User password may be read aloud by a text-to-speech accessibility feature",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-32359"
},
{
"category": "external",
"summary": "RHBZ#2271449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271449"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-32359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32359"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32359",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32359"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: User password may be read aloud by a text-to-speech accessibility feature"
},
{
"cve": "CVE-2023-39928",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-09-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241400"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the WebKitGTK\u0027s MediaRecorder API that may lead to memory corruption and Remote Code Execution. The victim needs to access a malicious web page to trigger this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39928"
},
{
"category": "external",
"summary": "RHBZ#2241400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39928",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39928"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0009.html",
"url": "https://webkitgtk.org/security/WSA-2023-0009.html"
}
],
"release_date": "2023-09-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports"
},
{
"cve": "CVE-2023-40414",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270143"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in WebKitGTK and WPE WebKit could allow an attacker to execute arbitrary code on a target system. The issue arises from a use-after-free flaw in memory management when processing web content. This flaw can potentially give attackers the ability to take control of affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Imporatant because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40414"
},
{
"category": "external",
"summary": "RHBZ#2270143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40414",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40414"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-41983",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271453"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in WebKitGTK and WPE WebKit may result in a denial-of-service when processing web content. This issue arises from improper memory handling, which could be exploited by attackers to crash the affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41983"
},
{
"category": "external",
"summary": "RHBZ#2271453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271453"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41983",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41983"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41983",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41983"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing web content may lead to a denial of service"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42883",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing a malicious image, which could result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: processing a malicious image may lead to a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42883"
},
{
"category": "external",
"summary": "RHBZ#2254326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42883"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: processing a malicious image may lead to a denial of service"
},
{
"cve": "CVE-2023-42890",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254327"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: processing malicious web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While the discovered flaw in WebKitGTK does indeed present a concerning potential for arbitrary code execution due to memory corruption, its severity is assessed as moderate rather than critical for several reasons. Firstly, successful exploitation of the vulnerability requires the user to interact with malicious HTML content, typically through visiting a compromised website. This dependency on user interaction reduces the likelihood of widespread exploitation compared to vulnerabilities that can be remotely exploited without user interaction. Additionally, the impact of the flaw may be mitigated by various security measures such as sandboxing or Content Security Policy (CSP) enforcement, which can limit the execution environment for potentially malicious code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42890"
},
{
"category": "external",
"summary": "RHBZ#2254327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42890"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: processing malicious web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-23206",
"discovery_date": "2024-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269743"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This flaw allows a remote attacker to bypass the security restriction by using a specially crafted malicious website to fingerprint the victim.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23206"
},
{
"category": "external",
"summary": "RHBZ#2269743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23206"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23206",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23206"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user"
},
{
"cve": "CVE-2024-23213",
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270141"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK\u00a0. This flaw allows a remote attacker to trigger arbitrary code execution by persuading a victim to visit a specially crafted website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Imporatant because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23213"
},
{
"category": "external",
"summary": "RHBZ#2270141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23213"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T10:37:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2126"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.src",
"AppStream-9.4.0.GA:webkit2gtk3-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el9.x86_64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.aarch64",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.i686",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.ppc64le",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.s390x",
"AppStream-9.4.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
}
]
}
rhsa-2024_9653
Vulnerability from csaf_redhat
Published
2024-11-14 12:21
Modified
2024-12-20 18:00
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9653",
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/",
"url": "https://access.redhat.com/security/vulnerabilities/"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9653.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2024-12-20T18:00:39+00:00",
"generator": {
"date": "2024-12-20T18:00:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:9653",
"initial_release_date": "2024-11-14T12:21:26+00:00",
"revision_history": [
{
"date": "2024-11-14T12:21:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-14T12:21:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-20T18:00:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-23222",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2024-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259893"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: type confusion may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw depends on the WebKitGTK JIT engine to be enabled. This feature has been disabled in Red Hat Enterprise Linux 8.8 and 9.2 by the errata RHSA-2023:4202 and RHSA-2023:4201. Therefore, Red Hat Enterprise Linux 8.8 and 9.2, when these errata are applied, and newer versions are not affected by this vulnerability.\n\nRHSA-2023:4202: https://access.redhat.com/errata/RHSA-2023:4202\nRHSA-2023:4201: https://access.redhat.com/errata/RHSA-2023:4201\n\nTo exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23222"
},
{
"category": "external",
"summary": "RHBZ#2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2024-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2024-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: type confusion may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27808",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:36:18.356000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314697"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27808"
},
{
"category": "external",
"summary": "RHBZ#2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27833",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:40:34.042000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314700"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27833"
},
{
"category": "external",
"summary": "RHBZ#2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40776",
"discovery_date": "2024-07-30T20:48:03+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301841"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40776"
},
{
"category": "external",
"summary": "RHBZ#2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44185",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T20:05:39.339000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323263"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to the program crashing. Code execution is not discarded as a consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because it allows maliciously crafted web content to crash the application, potentially leads to denial of service. While it does not compromise confidentiality or integrity, the ability to crash the program without requiring authentication poses a significant risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44185"
},
{
"category": "external",
"summary": "RHBZ#2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0006.html",
"url": "https://webkitgtk.org/security/WSA-2024-0006.html"
}
],
"release_date": "2024-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44244",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T21:06:58.389000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323278"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to program to a crash. This issue occurs because code execution is not discarded as consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44244"
},
{
"category": "external",
"summary": "RHBZ#2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244"
}
],
"release_date": "2024-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
}
]
}
RHSA-2024:8496
Vulnerability from csaf_redhat
Published
2024-10-28 01:13
Modified
2025-01-29 18:17
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8496",
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/",
"url": "https://access.redhat.com/security/vulnerabilities/"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8496.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2025-01-29T18:17:07+00:00",
"generator": {
"date": "2025-01-29T18:17:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2024:8496",
"initial_release_date": "2024-10-28T01:13:18+00:00",
"revision_history": [
{
"date": "2024-10-28T01:13:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-28T01:13:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-29T18:17:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.src",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.src",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_0?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-23222",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2024-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259893"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: type confusion may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw depends on the WebKitGTK JIT engine to be enabled. This feature has been disabled in Red Hat Enterprise Linux 8.8 and 9.2 by the errata RHSA-2023:4202 and RHSA-2023:4201. Therefore, Red Hat Enterprise Linux 8.8 and 9.2, when these errata are applied, and newer versions are not affected by this vulnerability.\n\nRHSA-2023:4202: https://access.redhat.com/errata/RHSA-2023:4202\nRHSA-2023:4201: https://access.redhat.com/errata/RHSA-2023:4201\n\nTo exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23222"
},
{
"category": "external",
"summary": "RHBZ#2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2024-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2024-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: type confusion may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27808",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:36:18.356000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314697"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27808"
},
{
"category": "external",
"summary": "RHBZ#2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27833",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:40:34.042000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314700"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27833"
},
{
"category": "external",
"summary": "RHBZ#2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40776",
"discovery_date": "2024-07-30T20:48:03+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301841"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40776"
},
{
"category": "external",
"summary": "RHBZ#2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-54534",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-23T13:18:32.596325+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkit: Processing maliciously crafted web content may lead to memory corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-54534"
},
{
"category": "external",
"summary": "RHBZ#2333846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121837",
"url": "https://support.apple.com/en-us/121837"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121839",
"url": "https://support.apple.com/en-us/121839"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121843",
"url": "https://support.apple.com/en-us/121843"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121844",
"url": "https://support.apple.com/en-us/121844"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121845",
"url": "https://support.apple.com/en-us/121845"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121846",
"url": "https://support.apple.com/en-us/121846"
}
],
"release_date": "2024-12-11T22:58:39.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T01:13:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.src",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_0.x86_64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.i686",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkit: Processing maliciously crafted web content may lead to memory corruption"
}
]
}
RHSA-2024:9680
Vulnerability from csaf_redhat
Published
2024-11-14 15:24
Modified
2025-01-29 18:17
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9680",
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9680.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2025-01-29T18:17:35+00:00",
"generator": {
"date": "2025-01-29T18:17:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2024:9680",
"initial_release_date": "2024-11-14T15:24:51+00:00",
"revision_history": [
{
"date": "2024-11-14T15:24:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-14T15:24:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-29T18:17:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_2.src",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.src",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-23222",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2024-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259893"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: type confusion may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw depends on the WebKitGTK JIT engine to be enabled. This feature has been disabled in Red Hat Enterprise Linux 8.8 and 9.2 by the errata RHSA-2023:4202 and RHSA-2023:4201. Therefore, Red Hat Enterprise Linux 8.8 and 9.2, when these errata are applied, and newer versions are not affected by this vulnerability.\n\nRHSA-2023:4202: https://access.redhat.com/errata/RHSA-2023:4202\nRHSA-2023:4201: https://access.redhat.com/errata/RHSA-2023:4201\n\nTo exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23222"
},
{
"category": "external",
"summary": "RHBZ#2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2024-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2024-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: type confusion may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27808",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:36:18.356000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314697"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27808"
},
{
"category": "external",
"summary": "RHBZ#2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27833",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:40:34.042000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314700"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27833"
},
{
"category": "external",
"summary": "RHBZ#2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40776",
"discovery_date": "2024-07-30T20:48:03+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301841"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40776"
},
{
"category": "external",
"summary": "RHBZ#2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44185",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T20:05:39.339000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323263"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to the program crashing. Code execution is not discarded as a consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because it allows maliciously crafted web content to crash the application, potentially leads to denial of service. While it does not compromise confidentiality or integrity, the ability to crash the program without requiring authentication poses a significant risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44185"
},
{
"category": "external",
"summary": "RHBZ#2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0006.html",
"url": "https://webkitgtk.org/security/WSA-2024-0006.html"
}
],
"release_date": "2024-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44244",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T21:06:58.389000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323278"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to program to a crash. This issue occurs because code execution is not discarded as consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44244"
},
{
"category": "external",
"summary": "RHBZ#2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244"
}
],
"release_date": "2024-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-54534",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-23T13:18:32.596325+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkit: Processing maliciously crafted web content may lead to memory corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-54534"
},
{
"category": "external",
"summary": "RHBZ#2333846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121837",
"url": "https://support.apple.com/en-us/121837"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121839",
"url": "https://support.apple.com/en-us/121839"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121843",
"url": "https://support.apple.com/en-us/121843"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121844",
"url": "https://support.apple.com/en-us/121844"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121845",
"url": "https://support.apple.com/en-us/121845"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121846",
"url": "https://support.apple.com/en-us/121846"
}
],
"release_date": "2024-12-11T22:58:39.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:24:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.src",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.i686",
"AppStream-8.2.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkit: Processing maliciously crafted web content may lead to memory corruption"
}
]
}
rhsa-2024:9653
Vulnerability from csaf_redhat
Published
2024-11-14 12:21
Modified
2025-01-29 18:17
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9653",
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/",
"url": "https://access.redhat.com/security/vulnerabilities/"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9653.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2025-01-29T18:17:21+00:00",
"generator": {
"date": "2025-01-29T18:17:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2024:9653",
"initial_release_date": "2024-11-14T12:21:26+00:00",
"revision_history": [
{
"date": "2024-11-14T12:21:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-14T12:21:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-29T18:17:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-23222",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2024-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259893"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: type confusion may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw depends on the WebKitGTK JIT engine to be enabled. This feature has been disabled in Red Hat Enterprise Linux 8.8 and 9.2 by the errata RHSA-2023:4202 and RHSA-2023:4201. Therefore, Red Hat Enterprise Linux 8.8 and 9.2, when these errata are applied, and newer versions are not affected by this vulnerability.\n\nRHSA-2023:4202: https://access.redhat.com/errata/RHSA-2023:4202\nRHSA-2023:4201: https://access.redhat.com/errata/RHSA-2023:4201\n\nTo exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23222"
},
{
"category": "external",
"summary": "RHBZ#2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2024-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2024-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: type confusion may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27808",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:36:18.356000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314697"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27808"
},
{
"category": "external",
"summary": "RHBZ#2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27833",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:40:34.042000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314700"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27833"
},
{
"category": "external",
"summary": "RHBZ#2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40776",
"discovery_date": "2024-07-30T20:48:03+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301841"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40776"
},
{
"category": "external",
"summary": "RHBZ#2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44185",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T20:05:39.339000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323263"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to the program crashing. Code execution is not discarded as a consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because it allows maliciously crafted web content to crash the application, potentially leads to denial of service. While it does not compromise confidentiality or integrity, the ability to crash the program without requiring authentication poses a significant risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44185"
},
{
"category": "external",
"summary": "RHBZ#2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0006.html",
"url": "https://webkitgtk.org/security/WSA-2024-0006.html"
}
],
"release_date": "2024-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44244",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T21:06:58.389000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323278"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to program to a crash. This issue occurs because code execution is not discarded as consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44244"
},
{
"category": "external",
"summary": "RHBZ#2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244"
}
],
"release_date": "2024-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-54534",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-23T13:18:32.596325+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkit: Processing maliciously crafted web content may lead to memory corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-54534"
},
{
"category": "external",
"summary": "RHBZ#2333846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121837",
"url": "https://support.apple.com/en-us/121837"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121839",
"url": "https://support.apple.com/en-us/121839"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121843",
"url": "https://support.apple.com/en-us/121843"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121844",
"url": "https://support.apple.com/en-us/121844"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121845",
"url": "https://support.apple.com/en-us/121845"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121846",
"url": "https://support.apple.com/en-us/121846"
}
],
"release_date": "2024-12-11T22:58:39.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:21:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkit: Processing maliciously crafted web content may lead to memory corruption"
}
]
}
rhsa-2024_8492
Vulnerability from csaf_redhat
Published
2024-10-28 00:58
Modified
2024-12-20 17:59
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8492",
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8492.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2024-12-20T17:59:52+00:00",
"generator": {
"date": "2024-12-20T17:59:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:8492",
"initial_release_date": "2024-10-28T00:58:43+00:00",
"revision_history": [
{
"date": "2024-10-28T00:58:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-28T00:58:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-20T17:59:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.src",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.src",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.1-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.1-1.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40776",
"discovery_date": "2024-07-30T20:48:03+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301841"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40776"
},
{
"category": "external",
"summary": "RHBZ#2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-28T00:58:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.src",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.1-1.el9_2.x86_64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.aarch64",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.i686",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.s390x",
"AppStream-9.2.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
}
]
}
rhsa-2024_9646
Vulnerability from csaf_redhat
Published
2024-11-14 12:02
Modified
2024-12-20 18:01
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9646",
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/",
"url": "https://access.redhat.com/security/vulnerabilities/"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9646.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2024-12-20T18:01:00+00:00",
"generator": {
"date": "2024-12-20T18:01:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:9646",
"initial_release_date": "2024-11-14T12:02:15+00:00",
"revision_history": [
{
"date": "2024-11-14T12:02:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-14T12:02:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-20T18:01:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.src",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.src",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-27808",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:36:18.356000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314697"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27808"
},
{
"category": "external",
"summary": "RHBZ#2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27833",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:40:34.042000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314700"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27833"
},
{
"category": "external",
"summary": "RHBZ#2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44185",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T20:05:39.339000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323263"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to the program crashing. Code execution is not discarded as a consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because it allows maliciously crafted web content to crash the application, potentially leads to denial of service. While it does not compromise confidentiality or integrity, the ability to crash the program without requiring authentication poses a significant risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44185"
},
{
"category": "external",
"summary": "RHBZ#2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0006.html",
"url": "https://webkitgtk.org/security/WSA-2024-0006.html"
}
],
"release_date": "2024-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44244",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T21:06:58.389000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323278"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to program to a crash. This issue occurs because code execution is not discarded as consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44244"
},
{
"category": "external",
"summary": "RHBZ#2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244"
}
],
"release_date": "2024-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
}
]
}
rhsa-2024_2982
Vulnerability from csaf_redhat
Published
2024-05-22 09:34
Modified
2024-11-27 12:54
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213)
* webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745)
* webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359)
* webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928)
* webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983)
* webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883)
* webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213)\n\n* webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745)\n\n* webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359)\n\n* webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928)\n\n* webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983)\n\n* webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883)\n\n* webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2982",
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/index"
},
{
"category": "external",
"summary": "2241400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241400"
},
{
"category": "external",
"summary": "2254326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254326"
},
{
"category": "external",
"summary": "2254327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254327"
},
{
"category": "external",
"summary": "2269743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269743"
},
{
"category": "external",
"summary": "2270141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270141"
},
{
"category": "external",
"summary": "2270143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270143"
},
{
"category": "external",
"summary": "2270151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270151"
},
{
"category": "external",
"summary": "2271449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271449"
},
{
"category": "external",
"summary": "2271453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271453"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "RHEL-3961",
"url": "https://issues.redhat.com/browse/RHEL-3961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2982.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2024-11-27T12:54:45+00:00",
"generator": {
"date": "2024-11-27T12:54:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:2982",
"initial_release_date": "2024-05-22T09:34:54+00:00",
"revision_history": [
{
"date": "2024-05-22T09:34:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-22T09:34:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-27T12:54:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.src",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.src",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.42.5-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.42.5-1.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.src",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-1745",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270151"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the SVG implementation within WebKitGTK. This flaw allows remote attackers to exploit the removal of an SVGFontFaceElement object, which occurs through specific vectors that trigger the deletion of the object during rendering.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-1745"
},
{
"category": "external",
"summary": "RHBZ#2270151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270151"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-1745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1745"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents"
},
{
"cve": "CVE-2023-32359",
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271449"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in webkitgtk where a user\u2019s password may be read aloud by a text-to-speech accessibility feature.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: User password may be read aloud by a text-to-speech accessibility feature",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-32359"
},
{
"category": "external",
"summary": "RHBZ#2271449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271449"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-32359",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32359"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32359",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32359"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: User password may be read aloud by a text-to-speech accessibility feature"
},
{
"cve": "CVE-2023-39928",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-09-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241400"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the WebKitGTK\u0027s MediaRecorder API that may lead to memory corruption and Remote Code Execution. The victim needs to access a malicious web page to trigger this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39928"
},
{
"category": "external",
"summary": "RHBZ#2241400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39928",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39928"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0009.html",
"url": "https://webkitgtk.org/security/WSA-2023-0009.html"
}
],
"release_date": "2023-09-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports"
},
{
"cve": "CVE-2023-40414",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270143"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in WebKitGTK and WPE WebKit could allow an attacker to execute arbitrary code on a target system. The issue arises from a use-after-free flaw in memory management when processing web content. This flaw can potentially give attackers the ability to take control of affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Imporatant because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40414"
},
{
"category": "external",
"summary": "RHBZ#2270143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40414",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40414"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-41983",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271453"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in WebKitGTK and WPE WebKit may result in a denial-of-service when processing web content. This issue arises from improper memory handling, which could be exploited by attackers to crash the affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41983"
},
{
"category": "external",
"summary": "RHBZ#2271453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271453"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41983",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41983"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41983",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41983"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing web content may lead to a denial of service"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42883",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing a malicious image, which could result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: processing a malicious image may lead to a denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42883"
},
{
"category": "external",
"summary": "RHBZ#2254326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42883"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: processing a malicious image may lead to a denial of service"
},
{
"cve": "CVE-2023-42890",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254327"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: processing malicious web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While the discovered flaw in WebKitGTK does indeed present a concerning potential for arbitrary code execution due to memory corruption, its severity is assessed as moderate rather than critical for several reasons. Firstly, successful exploitation of the vulnerability requires the user to interact with malicious HTML content, typically through visiting a compromised website. This dependency on user interaction reduces the likelihood of widespread exploitation compared to vulnerabilities that can be remotely exploited without user interaction. Additionally, the impact of the flaw may be mitigated by various security measures such as sandboxing or Content Security Policy (CSP) enforcement, which can limit the execution environment for potentially malicious code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42890"
},
{
"category": "external",
"summary": "RHBZ#2254327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254327"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42890"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: processing malicious web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-23206",
"discovery_date": "2024-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269743"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This flaw allows a remote attacker to bypass the security restriction by using a specially crafted malicious website to fingerprint the victim.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23206"
},
{
"category": "external",
"summary": "RHBZ#2269743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23206"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23206",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23206"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user"
},
{
"cve": "CVE-2024-23213",
"discovery_date": "2024-03-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270141"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK\u00a0. This flaw allows a remote attacker to trigger arbitrary code execution by persuading a victim to visit a specially crafted website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Imporatant because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23213"
},
{
"category": "external",
"summary": "RHBZ#2270141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23213"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
}
],
"release_date": "2024-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:34:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.src",
"AppStream-8.10.0.GA:webkit2gtk3-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-debugsource-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-devel-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-debuginfo-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-0:2.42.5-1.el8.x86_64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.aarch64",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.i686",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.ppc64le",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.s390x",
"AppStream-8.10.0.GA:webkit2gtk3-jsc-devel-debuginfo-0:2.42.5-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
}
]
}
rhsa-2024:9646
Vulnerability from csaf_redhat
Published
2024-11-14 12:02
Modified
2025-01-29 18:17
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9646",
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/",
"url": "https://access.redhat.com/security/vulnerabilities/"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9646.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2025-01-29T18:17:48+00:00",
"generator": {
"date": "2025-01-29T18:17:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2024:9646",
"initial_release_date": "2024-11-14T12:02:15+00:00",
"revision_history": [
{
"date": "2024-11-14T12:02:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-14T12:02:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-29T18:17:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.src",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.src",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-27808",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:36:18.356000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314697"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27808"
},
{
"category": "external",
"summary": "RHBZ#2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27833",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:40:34.042000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314700"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27833"
},
{
"category": "external",
"summary": "RHBZ#2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44185",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T20:05:39.339000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323263"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to the program crashing. Code execution is not discarded as a consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because it allows maliciously crafted web content to crash the application, potentially leads to denial of service. While it does not compromise confidentiality or integrity, the ability to crash the program without requiring authentication poses a significant risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44185"
},
{
"category": "external",
"summary": "RHBZ#2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0006.html",
"url": "https://webkitgtk.org/security/WSA-2024-0006.html"
}
],
"release_date": "2024-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44244",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T21:06:58.389000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323278"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to program to a crash. This issue occurs because code execution is not discarded as consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44244"
},
{
"category": "external",
"summary": "RHBZ#2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244"
}
],
"release_date": "2024-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-54534",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-23T13:18:32.596325+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkit: Processing maliciously crafted web content may lead to memory corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-54534"
},
{
"category": "external",
"summary": "RHBZ#2333846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121837",
"url": "https://support.apple.com/en-us/121837"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121839",
"url": "https://support.apple.com/en-us/121839"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121843",
"url": "https://support.apple.com/en-us/121843"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121844",
"url": "https://support.apple.com/en-us/121844"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121845",
"url": "https://support.apple.com/en-us/121845"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121846",
"url": "https://support.apple.com/en-us/121846"
}
],
"release_date": "2024-12-11T22:58:39.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkit: Processing maliciously crafted web content may lead to memory corruption"
}
]
}
RHSA-2024:9646
Vulnerability from csaf_redhat
Published
2024-11-14 12:02
Modified
2025-01-29 18:17
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9646",
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/",
"url": "https://access.redhat.com/security/vulnerabilities/"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9646.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2025-01-29T18:17:48+00:00",
"generator": {
"date": "2025-01-29T18:17:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.6"
}
},
"id": "RHSA-2024:9646",
"initial_release_date": "2024-11-14T12:02:15+00:00",
"revision_history": [
{
"date": "2024-11-14T12:02:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-14T12:02:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-29T18:17:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.src",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.src",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-27808",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:36:18.356000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314697"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27808"
},
{
"category": "external",
"summary": "RHBZ#2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27833",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:40:34.042000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314700"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27833"
},
{
"category": "external",
"summary": "RHBZ#2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44185",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T20:05:39.339000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323263"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to the program crashing. Code execution is not discarded as a consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because it allows maliciously crafted web content to crash the application, potentially leads to denial of service. While it does not compromise confidentiality or integrity, the ability to crash the program without requiring authentication poses a significant risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44185"
},
{
"category": "external",
"summary": "RHBZ#2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0006.html",
"url": "https://webkitgtk.org/security/WSA-2024-0006.html"
}
],
"release_date": "2024-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44244",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T21:06:58.389000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323278"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to program to a crash. This issue occurs because code execution is not discarded as consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44244"
},
{
"category": "external",
"summary": "RHBZ#2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244"
}
],
"release_date": "2024-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-54534",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2024-12-23T13:18:32.596325+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkit: Processing maliciously crafted web content may lead to memory corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-54534"
},
{
"category": "external",
"summary": "RHBZ#2333846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54534"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121837",
"url": "https://support.apple.com/en-us/121837"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121839",
"url": "https://support.apple.com/en-us/121839"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121843",
"url": "https://support.apple.com/en-us/121843"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121844",
"url": "https://support.apple.com/en-us/121844"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121845",
"url": "https://support.apple.com/en-us/121845"
},
{
"category": "external",
"summary": "https://support.apple.com/en-us/121846",
"url": "https://support.apple.com/en-us/121846"
}
],
"release_date": "2024-12-11T22:58:39.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T12:02:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.src",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.aarch64",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.i686",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.s390x",
"AppStream-8.8.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkit: Processing maliciously crafted web content may lead to memory corruption"
}
]
}
rhsa-2024_9679
Vulnerability from csaf_redhat
Published
2024-11-14 15:34
Modified
2024-12-20 18:01
Summary
Red Hat Security Advisory: webkit2gtk3 security update
Notes
Topic
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)
* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)
* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)
* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
* chromium-browser: Use after free in ANGLE (CVE-2024-4558)
* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)
* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Memory corruption issue when processing web content (CVE-2022-32885)\n\n* webkitgtk: arbitrary javascript code execution (CVE-2023-40397)\n\n* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)\n\n* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2024-23222)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)\n\n* chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27808)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:9679",
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9679.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2024-12-20T18:01:11+00:00",
"generator": {
"date": "2024-12-20T18:01:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:9679",
"initial_release_date": "2024-11-14T15:34:16+00:00",
"revision_history": [
{
"date": "2024-11-14T15:34:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-14T15:34:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-20T18:01:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.46.3-1.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.46.3-1.el8_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-09-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2236842"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may lead to arbitrary code execution. This memory corruption issue was addressed with improved validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Memory corruption issue when processing web content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32885"
},
{
"category": "external",
"summary": "RHBZ#2236842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32885"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32885"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0003.html",
"url": "https://webkitgtk.org/security/WSA-2023-0003.html"
}
],
"release_date": "2023-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Memory corruption issue when processing web content"
},
{
"cve": "CVE-2023-40397",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2023-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2238945"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: arbitrary javascript code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is being rated as \u0027Moderate\u0027 as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn\u0027t ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40397"
},
{
"category": "external",
"summary": "RHBZ#2238945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40397"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40397"
},
{
"category": "external",
"summary": "https://wpewebkit.org/security/WSA-2023-0008.html",
"url": "https://wpewebkit.org/security/WSA-2023-0008.html"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: arbitrary javascript code execution"
},
{
"cve": "CVE-2023-42852",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2271456"
}
],
"notes": [
{
"category": "description",
"text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated important because it affects the confidentiality, integrity, and availability (CIA) of systems, with a high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42852"
},
{
"category": "external",
"summary": "RHBZ#2271456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42852",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0010.html",
"url": "https://webkitgtk.org/security/WSA-2023-0010.html"
}
],
"release_date": "2023-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2023-42917",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253058"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Arbitrary Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All versions of Red Hat Enterprise Linux are affected to this vulnerability. To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42917"
},
{
"category": "external",
"summary": "RHBZ#2253058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253058"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42917"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2023-0011.html",
"url": "https://webkitgtk.org/security/WSA-2023-0011.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-12-04T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Arbitrary Remote Code Execution"
},
{
"cve": "CVE-2024-4558",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279689"
}
],
"notes": [
{
"category": "description",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "chromium-browser: Use after free in ANGLE",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "RHBZ#2279689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558"
}
],
"release_date": "2024-05-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "chromium-browser: Use after free in ANGLE"
},
{
"cve": "CVE-2024-23222",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2024-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259893"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in the CISA\u0027s KEV catalog.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: type confusion may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw depends on the WebKitGTK JIT engine to be enabled. This feature has been disabled in Red Hat Enterprise Linux 8.8 and 9.2 by the errata RHSA-2023:4202 and RHSA-2023:4201. Therefore, Red Hat Enterprise Linux 8.8 and 9.2, when these errata are applied, and newer versions are not affected by this vulnerability.\n\nRHSA-2023:4202: https://access.redhat.com/errata/RHSA-2023:4202\nRHSA-2023:4201: https://access.redhat.com/errata/RHSA-2023:4201\n\nTo exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-23222"
},
{
"category": "external",
"summary": "RHBZ#2259893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23222"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0001.html",
"url": "https://webkitgtk.org/security/WSA-2024-0001.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2024-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2024-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: type confusion may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27808",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:36:18.356000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314697"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27808"
},
{
"category": "external",
"summary": "RHBZ#2314697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27808"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27820",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:37:48.081000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314698"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27820"
},
{
"category": "external",
"summary": "RHBZ#2314698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27820"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27833",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:40:34.042000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314700"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27833"
},
{
"category": "external",
"summary": "RHBZ#2314700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27833"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-27851",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-09-25T15:44:41.235000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314704"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient bounds checks, which could be exploited by attackers to execute malicious code on affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This WebKit vulnerability marked as important because it enables remote attackers to execute malicious code on users\u0027 systems just by visiting compromised websites, posing significant risks like data theft and system compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-27851"
},
{
"category": "external",
"summary": "RHBZ#2314704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27851"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0005.html",
"url": "https://webkitgtk.org/security/WSA-2024-0005.html"
}
],
"release_date": "2024-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution"
},
{
"cve": "CVE-2024-40776",
"discovery_date": "2024-07-30T20:48:03+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2301841"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40776"
},
{
"category": "external",
"summary": "RHBZ#2301841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40776"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html"
}
],
"release_date": "2024-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution"
},
{
"cve": "CVE-2024-40779",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:05:50+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40779"
},
{
"category": "external",
"summary": "RHBZ#2302070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40779"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40779"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40780",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:07:22+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302069"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40780"
},
{
"category": "external",
"summary": "RHBZ#2302069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302069"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40780"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40780"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking"
},
{
"cve": "CVE-2024-40782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-07-31T14:57:24+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302071"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40782"
},
{
"category": "external",
"summary": "RHBZ#2302071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302071"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40782"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40782"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management"
},
{
"cve": "CVE-2024-40789",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2024-07-31T15:39:05+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-40789"
},
{
"category": "external",
"summary": "RHBZ#2302067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40789"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789",
"url": "https://webkitgtk.org/security/WSA-2024-0004.html#CVE-2024-40789"
}
],
"release_date": "2024-07-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44185",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T20:05:39.339000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323263"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to the program crashing. Code execution is not discarded as a consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because it allows maliciously crafted web content to crash the application, potentially leads to denial of service. While it does not compromise confidentiality or integrity, the ability to crash the program without requiring authentication poses a significant risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44185"
},
{
"category": "external",
"summary": "RHBZ#2323263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44185"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2024-0006.html",
"url": "https://webkitgtk.org/security/WSA-2024-0006.html"
}
],
"release_date": "2024-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2024-44244",
"cwe": {
"id": "CWE-788",
"name": "Access of Memory Location After End of Buffer"
},
"discovery_date": "2024-11-01T21:06:58.389000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323278"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in WebKitGTK, where processing maliciously crafted web content may lead to program to a crash. This issue occurs because code execution is not discarded as consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-44244"
},
{
"category": "external",
"summary": "RHBZ#2323278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-44244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244"
}
],
"release_date": "2024-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-14T15:34:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.src",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-debugsource-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.46.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.i686",
"AppStream-8.4.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash"
}
]
}
ghsa-jmh8-4h3g-x5g5
Vulnerability from github
Published
2023-10-25 21:30
Modified
2024-02-16 15:30
Severity ?
Details
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2023-42852"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-25T19:15:10Z",
"severity": "HIGH"
},
"details": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"id": "GHSA-jmh8-4h3g-x5g5",
"modified": "2024-02-16T15:30:26Z",
"published": "2023-10-25T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42852"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-33"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213981"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213982"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213984"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213986"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213987"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213988"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213984"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5557"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/22"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/25"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/27"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
wid-sec-w-2023-3000
Vulnerability from csaf_certbund
Published
2023-11-22 23:00
Modified
2023-11-22 23:00
Summary
IGEL OS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IGEL OS ist das Linux basierte Betriebssystem von IGEL Computern.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IGEL OS ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service zu verursachen.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IGEL OS ist das Linux basierte Betriebssystem von IGEL Computern.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IGEL OS ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-3000 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3000.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-3000 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3000"
},
{
"category": "external",
"summary": "IGEL Product Security Information vom 2023-11-22",
"url": "https://kb.igel.com/securitysafety/en/isn-2023-31-webkit-vulnerabilities-105091376.html"
},
{
"category": "external",
"summary": "IGEL Product Security Information vom 2023-11-22",
"url": "https://kb.igel.com/securitysafety/en/isn-2023-30-ffmpeg-vulnerabilities-105091490.html"
}
],
"source_lang": "en-US",
"title": "IGEL OS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-11-22T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:02:02.115+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-3000",
"initial_release_date": "2023-11-22T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-11-22T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IGEL OS \u003c 12.3.0",
"product": {
"name": "IGEL OS \u003c 12.3.0",
"product_id": "T031336",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:12.3.0"
}
}
},
{
"category": "product_name",
"name": "IGEL OS \u003c 11.09.150",
"product": {
"name": "IGEL OS \u003c 11.09.150",
"product_id": "T031337",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:11.09.150"
}
}
}
],
"category": "product_name",
"name": "OS"
}
],
"category": "vendor",
"name": "IGEL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42852",
"notes": [
{
"category": "description",
"text": "In IGEL OS existieren mehrere Schwachstellen in der Webkit Browser Engine. Diese, nicht n\u00e4her beschriebenen Schwachstellen, erm\u00f6glichen es einem entfernten, anonymen Angreifer einen Denial of Service zu verursachen oder beliebigen Code auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"release_date": "2023-11-22T23:00:00.000+00:00",
"title": "CVE-2023-42852"
},
{
"cve": "CVE-2023-41983",
"notes": [
{
"category": "description",
"text": "In IGEL OS existieren mehrere Schwachstellen in der Webkit Browser Engine. Diese, nicht n\u00e4her beschriebenen Schwachstellen, erm\u00f6glichen es einem entfernten, anonymen Angreifer einen Denial of Service zu verursachen oder beliebigen Code auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"release_date": "2023-11-22T23:00:00.000+00:00",
"title": "CVE-2023-41983"
},
{
"cve": "CVE-2022-4907",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in IGEL OS in der verwendeten Videobibliothek Ffmpeg. Diese, nicht n\u00e4her beschreibene Schwachstelle in dem Multimedia-Framework erm\u00f6glicht es einem entfernten anonymen Angreifer einen Denial-of-Service zu verursachen oder m\u00f6glicherweise beliebigen Code auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"release_date": "2023-11-22T23:00:00.000+00:00",
"title": "CVE-2022-4907"
}
]
}
WID-SEC-W-2023-2753
Vulnerability from csaf_certbund
Published
2023-10-25 22:00
Modified
2024-02-29 23:00
Summary
Apple macOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- MacOS X
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2753 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2753.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2753 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2753"
},
{
"category": "external",
"summary": "Apple Security Advisory HT213983 vom 2023-10-25",
"url": "https://support.apple.com/en-us/HT213983"
},
{
"category": "external",
"summary": "Apple Security Advisory HT213984 vom 2023-10-25",
"url": "https://support.apple.com/en-us/HT213984"
},
{
"category": "external",
"summary": "Apple Security Advisory HT213985 vom 2023-10-25",
"url": "https://support.apple.com/en-us/HT213985"
},
{
"category": "external",
"summary": "PoC CVE-2023-42942 vom 2024-03-01",
"url": "https://jhftss.github.io/CVE-2023-42942-xpcroleaccountd-Root-Privilege-Escalation/"
}
],
"source_lang": "en-US",
"title": "Apple macOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-02-29T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:00:37.567+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2753",
"initial_release_date": "2023-10-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-02-22T23:00:00.000+00:00",
"number": "2",
"summary": "CVE\u0027s erg\u00e4nzt"
},
{
"date": "2024-02-29T23:00:00.000+00:00",
"number": "3",
"summary": "PoC f\u00fcr CVE-2023-42942 aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Monterey \u003c 12.7.1",
"product": {
"name": "Apple macOS Monterey \u003c 12.7.1",
"product_id": "T030770"
}
},
{
"category": "product_version_range",
"name": "Sonoma \u003c 14.1",
"product": {
"name": "Apple macOS Sonoma \u003c 14.1",
"product_id": "T030771"
}
},
{
"category": "product_version_range",
"name": "Ventura \u003c 13.6.1",
"product": {
"name": "Apple macOS Ventura \u003c 13.6.1",
"product_id": "T030772"
}
}
],
"category": "product_name",
"name": "macOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4781",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4781"
},
{
"cve": "CVE-2023-4752",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4752"
},
{
"cve": "CVE-2023-4751",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4751"
},
{
"cve": "CVE-2023-4750",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4750"
},
{
"cve": "CVE-2023-4738",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4738"
},
{
"cve": "CVE-2023-4736",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4736"
},
{
"cve": "CVE-2023-4735",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4735"
},
{
"cve": "CVE-2023-4734",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4734"
},
{
"cve": "CVE-2023-4733",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4733"
},
{
"cve": "CVE-2023-42952",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42952"
},
{
"cve": "CVE-2023-42942",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42942"
},
{
"cve": "CVE-2023-42889",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42889"
},
{
"cve": "CVE-2023-42877",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42877"
},
{
"cve": "CVE-2023-42873",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42873"
},
{
"cve": "CVE-2023-42861",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42861"
},
{
"cve": "CVE-2023-42860",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42860"
},
{
"cve": "CVE-2023-42859",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42859"
},
{
"cve": "CVE-2023-42858",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42858"
},
{
"cve": "CVE-2023-42857",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42857"
},
{
"cve": "CVE-2023-42856",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42856"
},
{
"cve": "CVE-2023-42854",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42854"
},
{
"cve": "CVE-2023-42853",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42853"
},
{
"cve": "CVE-2023-42852",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42852"
},
{
"cve": "CVE-2023-42850",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42850"
},
{
"cve": "CVE-2023-42849",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42849"
},
{
"cve": "CVE-2023-42848",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42848"
},
{
"cve": "CVE-2023-42847",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42847"
},
{
"cve": "CVE-2023-42845",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42845"
},
{
"cve": "CVE-2023-42844",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42844"
},
{
"cve": "CVE-2023-42843",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42843"
},
{
"cve": "CVE-2023-42842",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42842"
},
{
"cve": "CVE-2023-42841",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42841"
},
{
"cve": "CVE-2023-42840",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42840"
},
{
"cve": "CVE-2023-42838",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42838"
},
{
"cve": "CVE-2023-42836",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42836"
},
{
"cve": "CVE-2023-42835",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42835"
},
{
"cve": "CVE-2023-42834",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42834"
},
{
"cve": "CVE-2023-42823",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42823"
},
{
"cve": "CVE-2023-42438",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42438"
},
{
"cve": "CVE-2023-41997",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41997"
},
{
"cve": "CVE-2023-41989",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41989"
},
{
"cve": "CVE-2023-41988",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41988"
},
{
"cve": "CVE-2023-41983",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41983"
},
{
"cve": "CVE-2023-41982",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41982"
},
{
"cve": "CVE-2023-41977",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41977"
},
{
"cve": "CVE-2023-41976",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41976"
},
{
"cve": "CVE-2023-41975",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41975"
},
{
"cve": "CVE-2023-41254",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41254"
},
{
"cve": "CVE-2023-41077",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41077"
},
{
"cve": "CVE-2023-41072",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41072"
},
{
"cve": "CVE-2023-40449",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40449"
},
{
"cve": "CVE-2023-40447",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40447"
},
{
"cve": "CVE-2023-40444",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40444"
},
{
"cve": "CVE-2023-40425",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40425"
},
{
"cve": "CVE-2023-40423",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40423"
},
{
"cve": "CVE-2023-40421",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40421"
},
{
"cve": "CVE-2023-40416",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40416"
},
{
"cve": "CVE-2023-40413",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40413"
},
{
"cve": "CVE-2023-40408",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40408"
},
{
"cve": "CVE-2023-40405",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40405"
},
{
"cve": "CVE-2023-40404",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40404"
},
{
"cve": "CVE-2023-40401",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40401"
},
{
"cve": "CVE-2023-38403",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-38403"
},
{
"cve": "CVE-2023-30774",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-30774"
}
]
}
WID-SEC-W-2023-2754
Vulnerability from csaf_certbund
Published
2023-10-25 22:00
Modified
2024-02-22 23:00
Summary
Apple iOS und Apple iPadOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.
Das Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- iPhoneOS
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem f\u00fcr das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem f\u00fcr das von Apple entwickelte iPad.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- iPhoneOS",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2754 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2754.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2754 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2754"
},
{
"category": "external",
"summary": "Apple Security Advisory HT213981 vom 2023-10-25",
"url": "https://support.apple.com/en-us/HT213981"
},
{
"category": "external",
"summary": "Apple Security Advisory HT213982 vom 2023-10-25",
"url": "https://support.apple.com/en-us/HT213982"
}
],
"source_lang": "en-US",
"title": "Apple iOS und Apple iPadOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-02-22T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:00:37.922+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2754",
"initial_release_date": "2023-10-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-02-19T23:00:00.000+00:00",
"number": "2",
"summary": "CVE erg\u00e4nzt"
},
{
"date": "2024-02-22T23:00:00.000+00:00",
"number": "3",
"summary": "CVE\u0027s erg\u00e4nzt"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 16.7.2",
"product": {
"name": "Apple iOS \u003c 16.7.2",
"product_id": "T030764"
}
},
{
"category": "product_version_range",
"name": "\u003c 17.1",
"product": {
"name": "Apple iOS \u003c 17.1",
"product_id": "T030766"
}
}
],
"category": "product_name",
"name": "iOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 16.7.2",
"product": {
"name": "Apple iPadOS \u003c 16.7.2",
"product_id": "T030765"
}
},
{
"category": "product_version_range",
"name": "\u003c 17.1",
"product": {
"name": "Apple iPadOS \u003c 17.1",
"product_id": "T030767"
}
}
],
"category": "product_name",
"name": "iPadOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42953",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42953"
},
{
"cve": "CVE-2023-42952",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42952"
},
{
"cve": "CVE-2023-42951",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42951"
},
{
"cve": "CVE-2023-42946",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42946"
},
{
"cve": "CVE-2023-42942",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42942"
},
{
"cve": "CVE-2023-42939",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42939"
},
{
"cve": "CVE-2023-42928",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42928"
},
{
"cve": "CVE-2023-42878",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42878"
},
{
"cve": "CVE-2023-42873",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42873"
},
{
"cve": "CVE-2023-42857",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42857"
},
{
"cve": "CVE-2023-42855",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42855"
},
{
"cve": "CVE-2023-42852",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42852"
},
{
"cve": "CVE-2023-42849",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42849"
},
{
"cve": "CVE-2023-42847",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42847"
},
{
"cve": "CVE-2023-42846",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42846"
},
{
"cve": "CVE-2023-42845",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42845"
},
{
"cve": "CVE-2023-42841",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42841"
},
{
"cve": "CVE-2023-41997",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41997"
},
{
"cve": "CVE-2023-41988",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41988"
},
{
"cve": "CVE-2023-41983",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41983"
},
{
"cve": "CVE-2023-41982",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41982"
},
{
"cve": "CVE-2023-41977",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41977"
},
{
"cve": "CVE-2023-41976",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41976"
},
{
"cve": "CVE-2023-41254",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41254"
},
{
"cve": "CVE-2023-41072",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41072"
},
{
"cve": "CVE-2023-40449",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40449"
},
{
"cve": "CVE-2023-40447",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40447"
},
{
"cve": "CVE-2023-40445",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40445"
},
{
"cve": "CVE-2023-40423",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40423"
},
{
"cve": "CVE-2023-40416",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40416"
},
{
"cve": "CVE-2023-40413",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40413"
},
{
"cve": "CVE-2023-40408",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40408"
},
{
"cve": "CVE-2023-32359",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-32359"
}
]
}
wid-sec-w-2023-2754
Vulnerability from csaf_certbund
Published
2023-10-25 22:00
Modified
2024-02-22 23:00
Summary
Apple iOS und Apple iPadOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.
Das Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- iPhoneOS
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem f\u00fcr das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem f\u00fcr das von Apple entwickelte iPad.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- iPhoneOS",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2754 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2754.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2754 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2754"
},
{
"category": "external",
"summary": "Apple Security Advisory HT213981 vom 2023-10-25",
"url": "https://support.apple.com/en-us/HT213981"
},
{
"category": "external",
"summary": "Apple Security Advisory HT213982 vom 2023-10-25",
"url": "https://support.apple.com/en-us/HT213982"
}
],
"source_lang": "en-US",
"title": "Apple iOS und Apple iPadOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-02-22T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:00:37.922+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2754",
"initial_release_date": "2023-10-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-02-19T23:00:00.000+00:00",
"number": "2",
"summary": "CVE erg\u00e4nzt"
},
{
"date": "2024-02-22T23:00:00.000+00:00",
"number": "3",
"summary": "CVE\u0027s erg\u00e4nzt"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 16.7.2",
"product": {
"name": "Apple iOS \u003c 16.7.2",
"product_id": "T030764"
}
},
{
"category": "product_version_range",
"name": "\u003c 17.1",
"product": {
"name": "Apple iOS \u003c 17.1",
"product_id": "T030766"
}
}
],
"category": "product_name",
"name": "iOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 16.7.2",
"product": {
"name": "Apple iPadOS \u003c 16.7.2",
"product_id": "T030765"
}
},
{
"category": "product_version_range",
"name": "\u003c 17.1",
"product": {
"name": "Apple iPadOS \u003c 17.1",
"product_id": "T030767"
}
}
],
"category": "product_name",
"name": "iPadOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42953",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42953"
},
{
"cve": "CVE-2023-42952",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42952"
},
{
"cve": "CVE-2023-42951",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42951"
},
{
"cve": "CVE-2023-42946",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42946"
},
{
"cve": "CVE-2023-42942",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42942"
},
{
"cve": "CVE-2023-42939",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42939"
},
{
"cve": "CVE-2023-42928",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42928"
},
{
"cve": "CVE-2023-42878",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42878"
},
{
"cve": "CVE-2023-42873",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42873"
},
{
"cve": "CVE-2023-42857",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42857"
},
{
"cve": "CVE-2023-42855",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42855"
},
{
"cve": "CVE-2023-42852",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42852"
},
{
"cve": "CVE-2023-42849",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42849"
},
{
"cve": "CVE-2023-42847",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42847"
},
{
"cve": "CVE-2023-42846",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42846"
},
{
"cve": "CVE-2023-42845",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42845"
},
{
"cve": "CVE-2023-42841",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42841"
},
{
"cve": "CVE-2023-41997",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41997"
},
{
"cve": "CVE-2023-41988",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41988"
},
{
"cve": "CVE-2023-41983",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41983"
},
{
"cve": "CVE-2023-41982",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41982"
},
{
"cve": "CVE-2023-41977",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41977"
},
{
"cve": "CVE-2023-41976",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41976"
},
{
"cve": "CVE-2023-41254",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41254"
},
{
"cve": "CVE-2023-41072",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41072"
},
{
"cve": "CVE-2023-40449",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40449"
},
{
"cve": "CVE-2023-40447",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40447"
},
{
"cve": "CVE-2023-40445",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40445"
},
{
"cve": "CVE-2023-40423",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40423"
},
{
"cve": "CVE-2023-40416",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40416"
},
{
"cve": "CVE-2023-40413",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40413"
},
{
"cve": "CVE-2023-40408",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40408"
},
{
"cve": "CVE-2023-32359",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen, u. a. durch unsachgem\u00e4\u00dfe Speicher- oder Cache-Verarbeitung und unsachgem\u00e4\u00dfe Zustandsverwaltung. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-32359"
}
]
}
wid-sec-w-2023-2744
Vulnerability from csaf_certbund
Published
2023-10-25 22:00
Modified
2023-10-25 22:00
Summary
Apple Safari: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Safari ist der auf Apple Geräten eingesetzte Web Browser.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple Safari ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- MacOS X
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Safari ist der auf Apple Ger\u00e4ten eingesetzte Web Browser.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple Safari ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2744 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2744.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2744 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2744"
},
{
"category": "external",
"summary": "Apple Security Update vom 2023-10-25",
"url": "https://support.apple.com/en-us/HT213986"
}
],
"source_lang": "en-US",
"title": "Apple Safari: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-10-25T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:00:32.769+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2744",
"initial_release_date": "2023-10-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Apple Safari \u003c 17.1",
"product": {
"name": "Apple Safari \u003c 17.1",
"product_id": "T030769",
"product_identification_helper": {
"cpe": "cpe:/a:apple:safari:17.1"
}
}
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42852",
"notes": [
{
"category": "description",
"text": "In Apple Safari existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"WebKit\" und \"WebKit Process Model\" und treten beim Verarbeiten von Webinhalten auf. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42852"
},
{
"cve": "CVE-2023-41983",
"notes": [
{
"category": "description",
"text": "In Apple Safari existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"WebKit\" und \"WebKit Process Model\" und treten beim Verarbeiten von Webinhalten auf. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41983"
},
{
"cve": "CVE-2023-41976",
"notes": [
{
"category": "description",
"text": "In Apple Safari existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"WebKit\" und \"WebKit Process Model\" und treten beim Verarbeiten von Webinhalten auf. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41976"
},
{
"cve": "CVE-2023-40447",
"notes": [
{
"category": "description",
"text": "In Apple Safari existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"WebKit\" und \"WebKit Process Model\" und treten beim Verarbeiten von Webinhalten auf. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40447"
}
]
}
wid-sec-w-2024-1213
Vulnerability from csaf_certbund
Published
2024-05-21 22:00
Modified
2024-11-11 23:00
Summary
Red Hat Enterprise Linux: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in verschiedenen Komponenten von Red Hat Enterprise Linux ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszulösen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in verschiedenen Komponenten von Red Hat Enterprise Linux ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1213 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1213.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1213 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1213"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2982 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3049 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:3049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3066 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:3066"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3095 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3095"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3127 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3127"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3275 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3275"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3275 vom 2024-05-30",
"url": "http://linux.oracle.com/errata/ELSA-2024-3275.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3483 vom 2024-05-30",
"url": "https://access.redhat.com/errata/RHSA-2024:3483"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3790 vom 2024-06-11",
"url": "https://access.redhat.com/errata/RHSA-2024:3790"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-3B4C7849AB vom 2024-06-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-3b4c7849ab"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4960 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:4960"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2689 vom 2024-11-01",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2689.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9423 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9423"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-11T23:00:00.000+00:00",
"generator": {
"date": "2024-11-12T12:17:04.618+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-1213",
"initial_release_date": "2024-05-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-12T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-08-07T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-11-11T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "7",
"product": {
"name": "Red Hat Enterprise Linux 7",
"product_id": "T035007",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T035008",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Red Hat Enterprise Linux 9",
"product_id": "T035009",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-18651",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der exempi-Komponente aufgrund eines Puffer\u00fcberlaufs durch das \u00d6ffnen einer manipulierten Webp- oder Audiodatei mit der ID3V2-Frame-Datei. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T035008",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2020-18651"
},
{
"cve": "CVE-2020-18652",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der exempi-Komponente aufgrund eines Puffer\u00fcberlaufs durch das \u00d6ffnen einer manipulierten Webp- oder Audiodatei mit der ID3V2-Frame-Datei. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T035008",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2020-18652"
},
{
"cve": "CVE-2013-7488",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat Enterprise Linux. Dieser Fehler besteht in der Komponente perl-Convert-ASN1, die \u00fcber unerwartete Eingaben zu einer Endlosschleife f\u00fchrt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2013-7488"
},
{
"cve": "CVE-2014-1745",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2014-1745"
},
{
"cve": "CVE-2023-32359",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-32359"
},
{
"cve": "CVE-2023-39928",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-39928"
},
{
"cve": "CVE-2023-40414",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-40414"
},
{
"cve": "CVE-2023-41983",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-41983"
},
{
"cve": "CVE-2023-42852",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-42852"
},
{
"cve": "CVE-2023-42883",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-42883"
},
{
"cve": "CVE-2023-42890",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-42890"
},
{
"cve": "CVE-2024-23206",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2024-23206"
},
{
"cve": "CVE-2024-23213",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2024-23213"
},
{
"cve": "CVE-2023-43361",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat Enterprise Linux in der Komponente \"vorbis-tools\". Bei der Konvertierung von \"WAV\" Dateien in das \"OGG\" Format kann es zu einem Puffer\u00fcberlauf kommen. Ein entfernter, anonymer Angreifer kann dies mittels einer speziell gestalteten Datei zur Codeausf\u00fchrung ausnutzen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-43361"
},
{
"cve": "CVE-2020-18770",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat Enterprise Linux in der \"zziplib\" Komponente. Die Funktion \"zzip_disk_entry_to_file_header\" in \"mmapped.c\" kann einen ung\u00fcltigen Speicherzugriff ausl\u00f6sen. Ein entfernter, anonymer Angreifer kann dies mit einer speziell gestalteten Datei ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2020-18770"
},
{
"cve": "CVE-2023-29483",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat Enterprise Linux in der \"dnspython\" Komponente. Ein entfernter, anonymer Angreifer kann diese mittels einer speziell gestalteten DNS Antwort ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-29483"
}
]
}
WID-SEC-W-2023-3000
Vulnerability from csaf_certbund
Published
2023-11-22 23:00
Modified
2023-11-22 23:00
Summary
IGEL OS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IGEL OS ist das Linux basierte Betriebssystem von IGEL Computern.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IGEL OS ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service zu verursachen.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IGEL OS ist das Linux basierte Betriebssystem von IGEL Computern.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IGEL OS ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-3000 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3000.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-3000 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3000"
},
{
"category": "external",
"summary": "IGEL Product Security Information vom 2023-11-22",
"url": "https://kb.igel.com/securitysafety/en/isn-2023-31-webkit-vulnerabilities-105091376.html"
},
{
"category": "external",
"summary": "IGEL Product Security Information vom 2023-11-22",
"url": "https://kb.igel.com/securitysafety/en/isn-2023-30-ffmpeg-vulnerabilities-105091490.html"
}
],
"source_lang": "en-US",
"title": "IGEL OS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-11-22T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:02:02.115+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-3000",
"initial_release_date": "2023-11-22T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-11-22T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IGEL OS \u003c 12.3.0",
"product": {
"name": "IGEL OS \u003c 12.3.0",
"product_id": "T031336",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:12.3.0"
}
}
},
{
"category": "product_name",
"name": "IGEL OS \u003c 11.09.150",
"product": {
"name": "IGEL OS \u003c 11.09.150",
"product_id": "T031337",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:11.09.150"
}
}
}
],
"category": "product_name",
"name": "OS"
}
],
"category": "vendor",
"name": "IGEL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42852",
"notes": [
{
"category": "description",
"text": "In IGEL OS existieren mehrere Schwachstellen in der Webkit Browser Engine. Diese, nicht n\u00e4her beschriebenen Schwachstellen, erm\u00f6glichen es einem entfernten, anonymen Angreifer einen Denial of Service zu verursachen oder beliebigen Code auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"release_date": "2023-11-22T23:00:00.000+00:00",
"title": "CVE-2023-42852"
},
{
"cve": "CVE-2023-41983",
"notes": [
{
"category": "description",
"text": "In IGEL OS existieren mehrere Schwachstellen in der Webkit Browser Engine. Diese, nicht n\u00e4her beschriebenen Schwachstellen, erm\u00f6glichen es einem entfernten, anonymen Angreifer einen Denial of Service zu verursachen oder beliebigen Code auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"release_date": "2023-11-22T23:00:00.000+00:00",
"title": "CVE-2023-41983"
},
{
"cve": "CVE-2022-4907",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in IGEL OS in der verwendeten Videobibliothek Ffmpeg. Diese, nicht n\u00e4her beschreibene Schwachstelle in dem Multimedia-Framework erm\u00f6glicht es einem entfernten anonymen Angreifer einen Denial-of-Service zu verursachen oder m\u00f6glicherweise beliebigen Code auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"release_date": "2023-11-22T23:00:00.000+00:00",
"title": "CVE-2022-4907"
}
]
}
wid-sec-w-2023-2753
Vulnerability from csaf_certbund
Published
2023-10-25 22:00
Modified
2024-02-29 23:00
Summary
Apple macOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- MacOS X
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2753 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2753.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2753 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2753"
},
{
"category": "external",
"summary": "Apple Security Advisory HT213983 vom 2023-10-25",
"url": "https://support.apple.com/en-us/HT213983"
},
{
"category": "external",
"summary": "Apple Security Advisory HT213984 vom 2023-10-25",
"url": "https://support.apple.com/en-us/HT213984"
},
{
"category": "external",
"summary": "Apple Security Advisory HT213985 vom 2023-10-25",
"url": "https://support.apple.com/en-us/HT213985"
},
{
"category": "external",
"summary": "PoC CVE-2023-42942 vom 2024-03-01",
"url": "https://jhftss.github.io/CVE-2023-42942-xpcroleaccountd-Root-Privilege-Escalation/"
}
],
"source_lang": "en-US",
"title": "Apple macOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-02-29T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:00:37.567+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2753",
"initial_release_date": "2023-10-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-02-22T23:00:00.000+00:00",
"number": "2",
"summary": "CVE\u0027s erg\u00e4nzt"
},
{
"date": "2024-02-29T23:00:00.000+00:00",
"number": "3",
"summary": "PoC f\u00fcr CVE-2023-42942 aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Monterey \u003c 12.7.1",
"product": {
"name": "Apple macOS Monterey \u003c 12.7.1",
"product_id": "T030770"
}
},
{
"category": "product_version_range",
"name": "Sonoma \u003c 14.1",
"product": {
"name": "Apple macOS Sonoma \u003c 14.1",
"product_id": "T030771"
}
},
{
"category": "product_version_range",
"name": "Ventura \u003c 13.6.1",
"product": {
"name": "Apple macOS Ventura \u003c 13.6.1",
"product_id": "T030772"
}
}
],
"category": "product_name",
"name": "macOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4781",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4781"
},
{
"cve": "CVE-2023-4752",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4752"
},
{
"cve": "CVE-2023-4751",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4751"
},
{
"cve": "CVE-2023-4750",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4750"
},
{
"cve": "CVE-2023-4738",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4738"
},
{
"cve": "CVE-2023-4736",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4736"
},
{
"cve": "CVE-2023-4735",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4735"
},
{
"cve": "CVE-2023-4734",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4734"
},
{
"cve": "CVE-2023-4733",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-4733"
},
{
"cve": "CVE-2023-42952",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42952"
},
{
"cve": "CVE-2023-42942",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42942"
},
{
"cve": "CVE-2023-42889",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42889"
},
{
"cve": "CVE-2023-42877",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42877"
},
{
"cve": "CVE-2023-42873",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42873"
},
{
"cve": "CVE-2023-42861",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42861"
},
{
"cve": "CVE-2023-42860",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42860"
},
{
"cve": "CVE-2023-42859",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42859"
},
{
"cve": "CVE-2023-42858",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42858"
},
{
"cve": "CVE-2023-42857",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42857"
},
{
"cve": "CVE-2023-42856",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42856"
},
{
"cve": "CVE-2023-42854",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42854"
},
{
"cve": "CVE-2023-42853",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42853"
},
{
"cve": "CVE-2023-42852",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42852"
},
{
"cve": "CVE-2023-42850",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42850"
},
{
"cve": "CVE-2023-42849",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42849"
},
{
"cve": "CVE-2023-42848",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42848"
},
{
"cve": "CVE-2023-42847",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42847"
},
{
"cve": "CVE-2023-42845",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42845"
},
{
"cve": "CVE-2023-42844",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42844"
},
{
"cve": "CVE-2023-42843",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42843"
},
{
"cve": "CVE-2023-42842",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42842"
},
{
"cve": "CVE-2023-42841",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42841"
},
{
"cve": "CVE-2023-42840",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42840"
},
{
"cve": "CVE-2023-42838",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42838"
},
{
"cve": "CVE-2023-42836",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42836"
},
{
"cve": "CVE-2023-42835",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42835"
},
{
"cve": "CVE-2023-42834",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42834"
},
{
"cve": "CVE-2023-42823",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42823"
},
{
"cve": "CVE-2023-42438",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42438"
},
{
"cve": "CVE-2023-41997",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41997"
},
{
"cve": "CVE-2023-41989",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41989"
},
{
"cve": "CVE-2023-41988",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41988"
},
{
"cve": "CVE-2023-41983",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41983"
},
{
"cve": "CVE-2023-41982",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41982"
},
{
"cve": "CVE-2023-41977",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41977"
},
{
"cve": "CVE-2023-41976",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41976"
},
{
"cve": "CVE-2023-41975",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41975"
},
{
"cve": "CVE-2023-41254",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41254"
},
{
"cve": "CVE-2023-41077",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41077"
},
{
"cve": "CVE-2023-41072",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41072"
},
{
"cve": "CVE-2023-40449",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40449"
},
{
"cve": "CVE-2023-40447",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40447"
},
{
"cve": "CVE-2023-40444",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40444"
},
{
"cve": "CVE-2023-40425",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40425"
},
{
"cve": "CVE-2023-40423",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40423"
},
{
"cve": "CVE-2023-40421",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40421"
},
{
"cve": "CVE-2023-40416",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40416"
},
{
"cve": "CVE-2023-40413",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40413"
},
{
"cve": "CVE-2023-40408",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40408"
},
{
"cve": "CVE-2023-40405",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40405"
},
{
"cve": "CVE-2023-40404",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40404"
},
{
"cve": "CVE-2023-40401",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40401"
},
{
"cve": "CVE-2023-38403",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-38403"
},
{
"cve": "CVE-2023-30774",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Apple macOS. Diese Fehler bestehen in CoreAnimation, Find My, ImageIO, Safari, Siri und anderen Komponenten und Modulen aufgrund von unsachgem\u00e4\u00dfer Speicher- oder Cache-Verarbeitung, unsachgem\u00e4\u00dfer Zustandsverwaltung und anderen Fehlern. Ein Angreifer kann diese Schwachstellen ausnutzen, um Root-Rechte zu erlangen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-30774"
}
]
}
WID-SEC-W-2024-1213
Vulnerability from csaf_certbund
Published
2024-05-21 22:00
Modified
2024-11-11 23:00
Summary
Red Hat Enterprise Linux: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in verschiedenen Komponenten von Red Hat Enterprise Linux ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszulösen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in verschiedenen Komponenten von Red Hat Enterprise Linux ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1213 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1213.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1213 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1213"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2982 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2982"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3049 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:3049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3066 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:3066"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3095 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3095"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3127 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3127"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3275 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3275"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3275 vom 2024-05-30",
"url": "http://linux.oracle.com/errata/ELSA-2024-3275.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3483 vom 2024-05-30",
"url": "https://access.redhat.com/errata/RHSA-2024:3483"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3790 vom 2024-06-11",
"url": "https://access.redhat.com/errata/RHSA-2024:3790"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-3B4C7849AB vom 2024-06-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-3b4c7849ab"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4960 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:4960"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2689 vom 2024-11-01",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2689.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9423 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9423"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-11T23:00:00.000+00:00",
"generator": {
"date": "2024-11-12T12:17:04.618+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-1213",
"initial_release_date": "2024-05-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-12T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-08-07T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-11-11T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "7",
"product": {
"name": "Red Hat Enterprise Linux 7",
"product_id": "T035007",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T035008",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Red Hat Enterprise Linux 9",
"product_id": "T035009",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-18651",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der exempi-Komponente aufgrund eines Puffer\u00fcberlaufs durch das \u00d6ffnen einer manipulierten Webp- oder Audiodatei mit der ID3V2-Frame-Datei. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T035008",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2020-18651"
},
{
"cve": "CVE-2020-18652",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der exempi-Komponente aufgrund eines Puffer\u00fcberlaufs durch das \u00d6ffnen einer manipulierten Webp- oder Audiodatei mit der ID3V2-Frame-Datei. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T035008",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2020-18652"
},
{
"cve": "CVE-2013-7488",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat Enterprise Linux. Dieser Fehler besteht in der Komponente perl-Convert-ASN1, die \u00fcber unerwartete Eingaben zu einer Endlosschleife f\u00fchrt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2013-7488"
},
{
"cve": "CVE-2014-1745",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2014-1745"
},
{
"cve": "CVE-2023-32359",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-32359"
},
{
"cve": "CVE-2023-39928",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-39928"
},
{
"cve": "CVE-2023-40414",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-40414"
},
{
"cve": "CVE-2023-41983",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-41983"
},
{
"cve": "CVE-2023-42852",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-42852"
},
{
"cve": "CVE-2023-42883",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-42883"
},
{
"cve": "CVE-2023-42890",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-42890"
},
{
"cve": "CVE-2024-23206",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2024-23206"
},
{
"cve": "CVE-2024-23213",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler bestehen in der webkitgtk-Komponente aufgrund verschiedener sicherheitsrelevanter Probleme wie einem use-after-free, einem Boundary-Fehler oder einer unsachgem\u00e4\u00dfen Speicherbehandlung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2024-23213"
},
{
"cve": "CVE-2023-43361",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat Enterprise Linux in der Komponente \"vorbis-tools\". Bei der Konvertierung von \"WAV\" Dateien in das \"OGG\" Format kann es zu einem Puffer\u00fcberlauf kommen. Ein entfernter, anonymer Angreifer kann dies mittels einer speziell gestalteten Datei zur Codeausf\u00fchrung ausnutzen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-43361"
},
{
"cve": "CVE-2020-18770",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat Enterprise Linux in der \"zziplib\" Komponente. Die Funktion \"zzip_disk_entry_to_file_header\" in \"mmapped.c\" kann einen ung\u00fcltigen Speicherzugriff ausl\u00f6sen. Ein entfernter, anonymer Angreifer kann dies mit einer speziell gestalteten Datei ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2020-18770"
},
{
"cve": "CVE-2023-29483",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat Enterprise Linux in der \"dnspython\" Komponente. Ein entfernter, anonymer Angreifer kann diese mittels einer speziell gestalteten DNS Antwort ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T035009",
"T035008",
"T035007",
"67646",
"398363",
"T004914",
"74185"
]
},
"release_date": "2024-05-21T22:00:00.000+00:00",
"title": "CVE-2023-29483"
}
]
}
wid-sec-w-2024-3286
Vulnerability from csaf_certbund
Published
2024-10-27 23:00
Modified
2024-11-19 23:00
Summary
Red Hat Enterprise Linux: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial-of-Service-Zustand zu erzeugen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3286 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3286.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3286 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3286"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-10-27",
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-10-27",
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9646 vom 2024-11-14",
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9653 vom 2024-11-14",
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9680 vom 2024-11-14",
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9679 vom 2024-11-14",
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-9636 vom 2024-11-18",
"url": "http://linux.oracle.com/errata/ELSA-2024-9636.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:9636 vom 2024-11-19",
"url": "https://errata.build.resf.org/RLSA-2024:9636"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-19T23:00:00.000+00:00",
"generator": {
"date": "2024-11-20T09:18:39.412+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3286",
"initial_release_date": "2024-10-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-11-14T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-17T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-11-19T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8",
"product": {
"name": "RESF Rocky Linux 8",
"product_id": "T039270",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:8"
}
}
}
],
"category": "product_name",
"name": "Rocky Linux"
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Red Hat Enterprise Linux 9",
"product_id": "T035974",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9"
}
}
},
{
"category": "product_version",
"name": "9.2",
"product": {
"name": "Red Hat Enterprise Linux 9.2",
"product_id": "T038627",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9.2"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2022-32885"
},
{
"cve": "CVE-2023-40397",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2023-40397"
},
{
"cve": "CVE-2023-42852",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2023-42852"
},
{
"cve": "CVE-2023-42917",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2023-42917"
},
{
"cve": "CVE-2024-27820",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-27820"
},
{
"cve": "CVE-2024-27851",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-27851"
},
{
"cve": "CVE-2024-40776",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-40776"
},
{
"cve": "CVE-2024-40779",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-40779"
},
{
"cve": "CVE-2024-40780",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-40780"
},
{
"cve": "CVE-2024-40782",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-40782"
},
{
"cve": "CVE-2024-40789",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-40789"
},
{
"cve": "CVE-2024-4558",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-4558"
}
]
}
WID-SEC-W-2024-3286
Vulnerability from csaf_certbund
Published
2024-10-27 23:00
Modified
2024-11-19 23:00
Summary
Red Hat Enterprise Linux: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial-of-Service-Zustand zu erzeugen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3286 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3286.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3286 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3286"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-10-27",
"url": "https://access.redhat.com/errata/RHSA-2024:8492"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-10-27",
"url": "https://access.redhat.com/errata/RHSA-2024:8496"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9646 vom 2024-11-14",
"url": "https://access.redhat.com/errata/RHSA-2024:9646"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9653 vom 2024-11-14",
"url": "https://access.redhat.com/errata/RHSA-2024:9653"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9680 vom 2024-11-14",
"url": "https://access.redhat.com/errata/RHSA-2024:9680"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9679 vom 2024-11-14",
"url": "https://access.redhat.com/errata/RHSA-2024:9679"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-9636 vom 2024-11-18",
"url": "http://linux.oracle.com/errata/ELSA-2024-9636.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:9636 vom 2024-11-19",
"url": "https://errata.build.resf.org/RLSA-2024:9636"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-19T23:00:00.000+00:00",
"generator": {
"date": "2024-11-20T09:18:39.412+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3286",
"initial_release_date": "2024-10-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-11-14T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-17T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-11-19T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8",
"product": {
"name": "RESF Rocky Linux 8",
"product_id": "T039270",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:8"
}
}
}
],
"category": "product_name",
"name": "Rocky Linux"
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Red Hat Enterprise Linux 9",
"product_id": "T035974",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9"
}
}
},
{
"category": "product_version",
"name": "9.2",
"product": {
"name": "Red Hat Enterprise Linux 9.2",
"product_id": "T038627",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9.2"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32885",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2022-32885"
},
{
"cve": "CVE-2023-40397",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2023-40397"
},
{
"cve": "CVE-2023-42852",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2023-42852"
},
{
"cve": "CVE-2023-42917",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2023-42917"
},
{
"cve": "CVE-2024-27820",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-27820"
},
{
"cve": "CVE-2024-27851",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-27851"
},
{
"cve": "CVE-2024-40776",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-40776"
},
{
"cve": "CVE-2024-40779",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-40779"
},
{
"cve": "CVE-2024-40780",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-40780"
},
{
"cve": "CVE-2024-40782",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-40782"
},
{
"cve": "CVE-2024-40789",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-40789"
},
{
"cve": "CVE-2024-4558",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat Enterprise Linux. Diese Fehler existieren in den WebKit- und ANGLE-Komponenten aufgrund verschiedener sicherheitsrelevanter Probleme wie einer unzureichenden Speicherbehandlung, einer unzureichenden \u00dcberpr\u00fcfung der Grenzen oder einer Speicherbesch\u00e4digung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T035974",
"T039270",
"67646",
"T038627",
"T004914"
]
},
"release_date": "2024-10-27T23:00:00.000+00:00",
"title": "CVE-2024-4558"
}
]
}
WID-SEC-W-2023-2744
Vulnerability from csaf_certbund
Published
2023-10-25 22:00
Modified
2023-10-25 22:00
Summary
Apple Safari: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Safari ist der auf Apple Geräten eingesetzte Web Browser.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple Safari ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- MacOS X
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Safari ist der auf Apple Ger\u00e4ten eingesetzte Web Browser.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple Safari ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2744 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2744.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2744 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2744"
},
{
"category": "external",
"summary": "Apple Security Update vom 2023-10-25",
"url": "https://support.apple.com/en-us/HT213986"
}
],
"source_lang": "en-US",
"title": "Apple Safari: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-10-25T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:00:32.769+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2744",
"initial_release_date": "2023-10-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Apple Safari \u003c 17.1",
"product": {
"name": "Apple Safari \u003c 17.1",
"product_id": "T030769",
"product_identification_helper": {
"cpe": "cpe:/a:apple:safari:17.1"
}
}
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42852",
"notes": [
{
"category": "description",
"text": "In Apple Safari existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"WebKit\" und \"WebKit Process Model\" und treten beim Verarbeiten von Webinhalten auf. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-42852"
},
{
"cve": "CVE-2023-41983",
"notes": [
{
"category": "description",
"text": "In Apple Safari existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"WebKit\" und \"WebKit Process Model\" und treten beim Verarbeiten von Webinhalten auf. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41983"
},
{
"cve": "CVE-2023-41976",
"notes": [
{
"category": "description",
"text": "In Apple Safari existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"WebKit\" und \"WebKit Process Model\" und treten beim Verarbeiten von Webinhalten auf. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-41976"
},
{
"cve": "CVE-2023-40447",
"notes": [
{
"category": "description",
"text": "In Apple Safari existieren mehrere Schwachstellen. Diese bestehen in den Komponenten \"WebKit\" und \"WebKit Process Model\" und treten beim Verarbeiten von Webinhalten auf. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"release_date": "2023-10-25T22:00:00.000+00:00",
"title": "CVE-2023-40447"
}
]
}
fkie_cve-2023-42852
Vulnerability from fkie_nvd
Published
2023-10-25 19:15
Modified
2024-11-21 08:23
Severity ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84250563-E42D-4F36-ACB0-081804E27FA4",
"versionEndExcluding": "17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFB829A-82EA-40BB-81F9-AD4F69F24ABA",
"versionEndExcluding": "16.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "387C5D63-833F-4407-A402-501DEF4E15AE",
"versionEndExcluding": "17.1",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB9EAAE-441A-4844-BCB2-1716FD9ACE85",
"versionEndExcluding": "16.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F53A32D0-DB67-40D7-B14E-3963E696A77E",
"versionEndExcluding": "17.1",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F52915-10F1-4514-B839-F6DC74B53555",
"versionEndExcluding": "14.1",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B71C095-CFB3-42E1-8582-0AD365DA7855",
"versionEndExcluding": "17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F88E7355-ECFB-4EB0-9579-0C954C25355F",
"versionEndExcluding": "10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema l\u00f3gico con controles mejorados. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2023-42852",
"lastModified": "2024-11-21T08:23:22.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T19:15:10.843",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/22"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/25"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/27"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202401-33"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213981"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213982"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213984"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213986"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213987"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213988"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202401-33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5557"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2023-42852
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-42852",
"id": "GSD-2023-42852"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-42852"
],
"details": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.",
"id": "GSD-2023-42852",
"modified": "2023-12-13T01:20:21.562956Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2023-42852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "16.7"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "17.1"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "17.1"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "14.1"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "10.1"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT213981",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213981"
},
{
"name": "https://support.apple.com/en-us/HT213986",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213986"
},
{
"name": "https://support.apple.com/en-us/HT213987",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213987"
},
{
"name": "https://support.apple.com/en-us/HT213984",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213984"
},
{
"name": "https://support.apple.com/en-us/HT213988",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213988"
},
{
"name": "https://support.apple.com/en-us/HT213982",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213982"
},
{
"name": "https://support.apple.com/kb/HT213984",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT213984"
},
{
"name": "http://seclists.org/fulldisclosure/2023/Oct/23",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"name": "http://seclists.org/fulldisclosure/2023/Oct/22",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2023/Oct/22"
},
{
"name": "http://seclists.org/fulldisclosure/2023/Oct/19",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
},
{
"name": "http://seclists.org/fulldisclosure/2023/Oct/27",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2023/Oct/27"
},
{
"name": "http://seclists.org/fulldisclosure/2023/Oct/24",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"name": "http://seclists.org/fulldisclosure/2023/Oct/25",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2023/Oct/25"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/"
},
{
"name": "http://www.openwall.com/lists/oss-security/2023/11/15/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1"
},
{
"name": "https://www.debian.org/security/2023/dsa-5557",
"refsource": "MISC",
"url": "https://www.debian.org/security/2023/dsa-5557"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/"
},
{
"name": "https://security.gentoo.org/glsa/202401-33",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/202401-33"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84250563-E42D-4F36-ACB0-081804E27FA4",
"versionEndExcluding": "17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFB829A-82EA-40BB-81F9-AD4F69F24ABA",
"versionEndExcluding": "16.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "387C5D63-833F-4407-A402-501DEF4E15AE",
"versionEndExcluding": "17.1",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB9EAAE-441A-4844-BCB2-1716FD9ACE85",
"versionEndExcluding": "16.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F53A32D0-DB67-40D7-B14E-3963E696A77E",
"versionEndExcluding": "17.1",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F52915-10F1-4514-B839-F6DC74B53555",
"versionEndExcluding": "14.1",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B71C095-CFB3-42E1-8582-0AD365DA7855",
"versionEndExcluding": "17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F88E7355-ECFB-4EB0-9579-0C954C25355F",
"versionEndExcluding": "10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema l\u00f3gico con controles mejorados. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2023-42852",
"lastModified": "2024-02-16T15:24:56.403",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T19:15:10.843",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/22"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/23"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/25"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/27"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202401-33"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213981"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213982"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213984"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213986"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213987"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213988"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213984"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5557"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.